{ "openapi": "3.0.0", "info": { "title": "ThreatDown APIs", "description": "# Introduction\nThreatDown Nebula API lets you remotely manage the security of your `Endpoints`, analyze their `assets`, perform advanced analysis on `Detections` of `Malware`, `Ransomware`, `Exploits` and other threats found by the `ThreatDown Endpoint Agent`, and issue jobs like `Scan`, `Isolate`, `Remediate` or `Reboot`.\n\nTo get started, you need a client credential pair (OAuth2 application). You can get a valid application through our sales team.\n\nYou can retrieve your `client_id` and `client_secret` credentials pair in your Nebula console by going to Settings > API Access. You must also know your Nebula `account_id`.\n\n## Cross-Origin Resource Sharing\n\nThis API features Cross-Origin Resource Sharing (CORS) implemented in compliance with [W3C spec](https://www.w3.org/TR/cors/).\nThis allows cross-domain communication from the browser.\nAll responses have a wildcard same-origin which makes them completely public and accessible to everyone, including any code on any site.\n\n## Authentication\n\nThreatDown API uses OAuth2, an open protocol to allow secure authorization in a simple and standard method from web, mobile, and desktop applications.\nSee the Authentication section for specific information about supported grants.\n\n## Access' scopes\n\nWhen creating a new application, you can decide the level of access it has to your account's data. This utility allows you to restrict the scope of access to your account's data depending on the application's needs. For example, if you only need to analyze detections found on your endpoint, the read scope will be enough to prevent that application from modifying data or issuing jobs.\n\nSpecifying access scopes gives you more control over the access of your data. For example, you may want your company's IT department to be able to isolate infected endpoints, while you may want your analysts to only read data for generating reports. 
To do so, you can create two applications using different scopes, and provide the right people with the right pair of credentials for programmatic access.\n\n## Rate Limiting\n\nThreatDown API implements a rate-limiting mechanism to prevent abuse. The rate-limiting mechanism is implemented using a leaky bucket algorithm. Once you exceed the available limit, our server will respond with a `429` status code. You can throttle your requests and retry them later.\n\nThe current limit, which you can see in the table below, has shown to be enough for most use cases. If you encounter `429` error codes, consider taking the following actions to minimize your API usage:\n\n- Subscribe to webhook events instead of polling the API to react to changes.\n- Throttle the requests you send to the ThreatDown API so that you do not exceed the limit.\n- Batch requests when possible.\n- Contact us and request to increase the API quota for your application.\n\nCurrently, the default available quota is `360` requests per minute.\n", "version": "1.0.0", "x-logo": { "altText": "ThreatDown logo", "url": "https://eml-stg.malwarebytes.com/hermes/td-logo.png", "backgroundColor": "#FFFFFF" } }, "tags": [ { "name": "Account" }, { "name": "App Block" }, { "name": "Assets" }, { "name": "Authentication" }, { "name": "Case Management", "description": "The Case Management APIs are for managing Managed Detection and Response (MDR) and Managed Threat Hunting (MTH) cases." }, { "name": "Content Filtering", "description": "The Content Filtering APIs are for managing content filtering rules used by the DNS module. These rules control what domains or categories of domains your endpoints have access to." }, { "name": "DNS Logs", "description": "The DNS Filtering module limits the number of domain-based threats in your environment by allowing and blocking access across the network. Each time this occurs, a record is generated.\n\nUse these APIs to export the DNS activity and search through the logs." 
}, { "name": "Detections", "description": "Detections contain information on threats such as malware, ransomware, and malicious URLs found across your account. \n\nUse the detection APIs to export detection data and retrieve details about a specific detection." }, { "name": "Device Control", "description": "The Device Control feature manages access to USB storage drives. Activity is logged every time a USB device is blocked or restricted to read-only.\n\nUse the Device Control APIs to export device control activity, obtain information about a specific device control event, search for device control events, and view device control activity grouped by a selected parameter.\n\nIf your endpoints are running Endpoint Agent version 2.0.0.81 or newer, you can utilize the APIs that manage the Allowlist, or exclusions, for Device Control. The Allowlist provides the ability to override policy controls and prevent certain USB devices from being blocked by Device Control." }, { "name": "Endpoints", "description": "## Endpoints Introduction\n\nAn Endpoint is a device which has the ThreatDown Endpoint Agent installed. Currently, there are available Endpoint Agents for Windows, macOS, and Linux. Refer to the installation guide for more information on registering a new Endpoint.\n\nUsing the Endpoint API, you can search your registered endpoints and retrieve their last known status. 
The API allows you to perform advanced queries and offers grouping capabilities so that you can perform deep analysis of your company's devices and the found threats, such as Detections or Suspicious Activities.\n\nYou can scan, isolate, remediate, and reboot your endpoints remotely through the Job APIs.\n\n## How to deploy an endpoint agent\n\n**Endpoint software can be installed in the following ways**:\n\n- Active Directory (AD) Group Policy\n- System Center Configuration Manager (SCCM)\n- Third-party deployment tools\n- Manually on the endpoints\n- Discovery & Deployment Tool\n\nOnce the installation is complete, the endpoints will be displayed in the console.\n\nYou can retrieve installers for your account through the `Installers` APIs.\n" }, { "name": "Events", "description": "An event is a general term for a threat that has occurred, remediation or other action taken on a threat, and other endpoint-related activity." }, { "name": "Exclusions", "description": "Exclusions allow you to prevent trusted applications, websites, and services from being detected by our security engine. This means they won't be scanned or blocked.\n\nUse these APIs to manage the exclusions across your account." }, { "name": "Firewall Management" }, { "name": "Flight-recorder", "description": "EDR customers can use Flight Recorder to search event data captured on endpoints that have suspicious activity monitoring enabled. \n\nUse these APIs to search through files, registry, processes, networking activity, and suspicious activities. This information can be used to investigate or identify indicators of compromise. " }, { "name": "Grid", "description": "# Grid Introduction\n\nUsing the following API, you can search endpoints, detections, software inventory, vulnerabilities, rid rules, os-patches, device control events and dns logs. 
This API allows you to perform filtering, sorting, grouping and aggregating of data by specifying constraints based on the field type.\n\nAvailable constraints for searching, based on value type:\n\n| Value Type | Constraints |\n| --- |----|\n| Simple String | equals, not_equals, contains, not_contains |\n| String (with enum) | equals, not_equals |\n| String/UUID (entity reference) | equals, not_equals |\n| Version | equals, not_equals |\n| Number | gt, lt, gte, lte |\n| Timestamp | start, end |\n| IP | ip |\n| Boolean | equals, not_equals |\n\nGrid API also supports compound constraints that can be constructed with the keywords **allOf**, **anyOf**, **noneOf**.\n\nExample of a compound constraint:\n\n```json\n{\n\"constraints\": [\n {\n \"allOf\": [\n {\n \"field\": \"agent.host_name\",\n \"operator\": \"contains\",\n \"value\": \"a\"\n },\n {\n \"field\": \"machine.is_deleted\",\n \"operator\": \"equals\",\n \"value\": false\n },\n {\n \"anyOf\": [\n {\n \"field\": \"agent.os_info.os_platform\",\n \"operator\": \"equals\",\n \"value\": \"Linux\"\n },\n {\n \"field\": \"agent.os_info.os_platform\",\n \"operator\": \"equals\",\n \"value\": \"MacOS\"\n }\n ]\n }\n ]\n }\n]\n}\n```\nIn this example, all the records that contain **a** in ***agent.host_name***, have ***machine.is_deleted*** set to false, and whose ***os_platform*** is equal to **either** ***Linux*** or ***MacOS*** will be returned.\n" }, { "name": "Groups", "description": "Groups are used to contain and organize endpoints. Policies, which determine the software settings, and endpoints, are assigned to groups. Endpoints use the policies in the groups they are assigned to determine which software settings are enabled.\n\nUse these APIs to create, manage, and move endpoints into groups." }, { "name": "Installation Tokens", "description": "Use these APIs to generate, send, and revoke installation tokens used to activate Mobile Security for Business." 
}, { "name": "Installers", "description": "The Installers APIs allow you to deploy the endpoint agent to Windows and macOS devices." }, { "name": "Jobs", "description": "Jobs are tasks that are issued to endpoints. Use these APIs to manage, search, and export jobs." }, { "name": "MDR" }, { "name": "Notifications", "description": "This API offers a powerful tool to create notification subscriptions. There are different categories of notifications; for each category, different constraints and output fields can be specified. Please see the documentation below for the category descriptions.\n\nNotifications can be delivered by email or webhooks. In both cases, it's possible to choose the output fields, but the value could be different for the two methods. In the email, some values are mapped to friendly names, as in the Nebula Console. For webhooks, the values are the raw ones. Here's a list of the mapped values.\n\n| Output field | Email values | Webhook values |\n|--------------|--------------|-----------------|\n| role | Super Admin<br>Admin<br>Read Only User | SuperAdmin<br>Admin<br>ReadOnlyUser |\n| os_platform | Windows<br>MacOS<br>Linux | 1<br>2<br>3 |\n| category | Malware<br>PUP<br>PUM<br>Exploit<br>Ransomware<br>Remote<br>Website<br>Vulnerable Driver | MALWARE<br>PUP<br>PUM<br>AE<br>ARW<br>RID<br>MWAC<br>VULNERABLE_DRIVER |\n| status | Blocked<br>Found<br>Quarantined<br>Deleted<br>Restored | blocked<br>found<br>quarantined<br>deleted<br>restored |\n| threat_name | Malicious Website | web |\n| command | Scan<br>Restart<br>Restart<br>Remediate<br>Isolate<br>Remove isolation<br>Refresh Endpoint & Software Info<br>Check for protection updates<br>Check for software updates<br>Install software updates<br>Generate diagnostic logs<br>Delete active block rule<br>Upload file for analysis<br>Remove endpoint isolation<br>Isolate<br>Remediated endpoint<br>Endpoint logging level changed<br>Delete from quarantine<br>Restore from quarantine<br>Refresh policy<br>Apply OS Patch<br>Update Installed Software | command.threat.scan<br>command.service.restart<br>command.asset.reboot<br>command.threat.scan.remediate<br>command.edr.isolation<br>command.edr.unlock<br>command.asset.refresh<br>command.protection.update.now<br>command.machine.update.now<br>command.machine.plugin.updateparts<br>command.service.diag<br>command.bfp.rules.delete<br>command.edr.fileupload<br>command.edr.unlock.force<br>command.edr.lock<br>command.sequence.remediate<br>command.logging.level.set<br>command.threat.quarantine.remove<br>command.threat.quarantine.restore<br>command.policy.refresh<br>command.asset.patch<br>command.asset.updatesoftware |\n" }, { "name": "OS Patches" }, { "name": "Policies", "description": "A policy is a set of configurations that determine how the endpoint agent monitors your endpoints, such as protection and scan settings. Once a policy has been created, it needs to be assigned to a group in order to take effect. Endpoints will use the policy assigned to the group they belong to." }, { "name": "Preferences", "description": "The Preferences APIs allow you to enable or disable all notifications of a specific type (email, webhook, slack, teams, admin app), without needing to modify or delete multiple notifications. " }, { "name": "Products" }, { "name": "Quarantine", "description": "When a harmful file is found on a device, it can be neutralized and placed in quarantine, preventing it from posing a threat. You can utilize the Quarantine APIs to export or check data for the existence of quarantined threats across your environments." }, { "name": "Remediation" }, { "name": "Remote Intrusion Detection", "description": "A remote intrusion detection (RID) occurs when a brute force protection rule is triggered according to policy settings.\n\nUse these APIs to export and search for RID rules by specific parameters." }, { "name": "Reports" }, { "name": "Sandbox" }, { "name": "Schedules", "description": "Scheduled scans allow you to automate scans to run based on a certain schedule, rather than manually triggering a scan. \n\nUse these APIs to create and manage your scan schedules." }, { "name": "Security Advisor" }, { "name": "Suspicious Activity", "description": "Suspicious Activities are found using Endpoint Detection and Response (EDR). When Suspicious Activity Monitoring is enabled via the policy, EDR watches for potentially malicious behavior on your endpoints by monitoring the processes, registry, file system, and network activity. \n\nUse these APIs to retrieve the suspicious activity records and details." 
}, { "name": "Usage" }, { "name": "Users" }, { "name": "Vulnerability Management" }, { "name": "Webhooks", "description": "## Using Webhooks\n\nThreatDown can send webhook events that notify your application any time an event happens on your account.\nThis is useful for transactions which are not reported synchronously to your code when performing an API call, or for security events happening in your endpoints.\n\nYou can register multiple webhook handlers for any event. Any time an event occurs, we will send a `POST` request to any endpoint URLs you have registered for that event.\n\n## When to use Webhooks\n\nFor most requests, you don't need Webhooks. However, for all requests that involve asynchronous transactions, such as getting the report after a machine scan, you will need to register webhooks to get real-time notifications.\nThe alternative to registering webhooks is polling, but this is strongly discouraged: besides involving more complicated code on your side, you may exceed your quota and, consequently, the limits of your API plan.\n\n## How to configure Webhooks\n\nThreatDown provides you with REST APIs for creating, retrieving, and deleting subscriptions. Currently, subscriptions can be registered only through APIs.\n\n## Handling Webhook notifications and responding\n\nCreating a webhook handler on your server is no different from creating an API endpoint. Webhook data is sent as `JSON` data in the `POST` request's body. You can handle these requests and process data to fit your needs.\nTo acknowledge receipt of a webhook notification, your server must return a `2xx` `HTTP` status code. All response codes outside this range, including `3xx`, will be treated as failures and we will try sending these notifications again using exponential backoff to calculate the delay between requests. The default maximum number of retries is `5`. 
You can configure the `max_retries` parameter when registering a new subscription to customize this behavior.\n\nIf your endpoint keeps responding with a status code outside the `2xx` range, after the default number of `maxAttempts`, we will stop sending the webhook notification. You will be responsible for reconciling your data by querying our API endpoints for potentially missed events.\n\nWe recommend you design idempotent event processing because you might receive the same event more than once.\n\n## How to verify Webhooks origin\n\nThreatDown will sign the webhook events it sends to your server. We do so by including a signature in each event’s `X-MWB-Signature` header. This allows you to validate that the events were sent by ThreatDown and not by a third party.\n\nTo protect your server from bad senders:\n\n- When you create a webhook subscription, you can supply an additional `secret_token` parameter. We will use that parameter as the signing key to generate an `HMAC` of the payload.\n- When you receive a webhook event, extract the request's body and compute:\n\n```\nHMAC_SHA256(secret_token, webhookPayload)\n```\n\n`secret_token` is the shared secret you configured when creating a subscription.\n\n- compare your result with the value of `X-MWB-Signature`. If those match, you can assume the notification was sent by ThreatDown.\n\n## Supported events\nThe supported events are:\n- job_status_change\n- detection\n- machine_events\n- threat_events\n- agent_events\n- quarantine_events\n- edr_events\n- syslog_events\n- exclusion_events\n- scheduled_events\n- policy_events\n- user_events\n- drive_events\n- cve_events\n- dns_events\n- license_events\n- appblock_events\n- endpoint_events\n\n## Events model\nWhen ThreatDown sends a webhook notification, it wraps the notification in an envelope in order to supply additional metadata. 
When you receive a webhook notification, expect the following data posted in the request body:\n\n| Name | Description | Type |\n|------|-------------|-------|\n| event | The event type. | string, one of the supported event types listed above |\n| subscription_id | Unique identifier of the subscription that matched this event | string |\n| account_id | Nebula account id (site) generating this event | string |\n| payload | An object containing the event-specific data | object |\n\n**When you receive a webhook notification, you usually switch your processing logic depending on the value of the `event` property, which represents the event type. Depending on the value, the `payload` sent will have a different model. Refer to the specific models below:**\n\n\n### job_status_change\nThe `job_status_change` event is sent when a job you issued through the `Jobs` APIs changes its status.\nThis allows you to track, for example, completed or failed scans.\nThe payload includes the following parameters:\n\n| Name | Description | Type |\n|------|-------------|-------|\n| id | Unique identifier of the job | string |\n| machine_id | Unique identifier of the endpoint | string |\n| command | Type of command. See the `Job` API for more info | string |\n| issued_by | User issuing the job. This is of interest only if you also use Nebula through the cloud console UI | string |\n| status | Status of the job. It can be one of `PENDING`, `STARTED`, `TIMED_OUT`, `COMPLETED`, `EXPIRED`, `FAILED`. | string |\n| relay_state | The relay state if you supplied one when issuing the job | string |\n| data | Job's settings. 
See the `Job` API for more info | object |\n| created_at | Timestamp indicating when the job was created | string |\n| updated_at | Timestamp indicating when the job was last updated | string |\n| expires_at | Timestamp indicating when the job expires | string |\n\nExample:\n\n```json\n{\n \"event\":\"job_status_change\",\n \"id\":\"cdf5f8e6-a3d0-4c33-a506-3c6cbce7bf0b\",\n \"payload\":{\n \"machine_id\":\"cf1ed661-812c-4342-9dc7-c806b90072c3\",\n \"issued_by\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"expires_at\":\"2020-08-31T11:22:31.624139429Z\",\n \"command\":\"command.asset.refresh\",\n \"data\":\"{}\",\n \"status\":\"CREATED\",\n \"id\":\"2c74da91-6e73-4867-8736-ca4b1f8effda\",\n \"updated_at\":\"2020-08-28T11:22:31.625274922Z\",\n \"created_at\":\"2020-08-28T11:22:31.624138004Z\"\n },\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\":\"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n### Detection\n\nThe `detection` event is sent when ThreatDown finds one or more threats in your endpoints.\nThe payload includes the following parameters:\n\n| Name | Description | Type |\n|------|-------------|-------|\n| id | Unique identifier of the detection | string |\n| machine_id | Unique identifier of the endpoint where the detection happened | string |\n| machine_name | Name of the endpoint where the detection happened | string |\n| scan_id | Unique identifier of the scan triggering the detection | string |\n| group_id | Unique identifier of the group to which the endpoint belongs | string |\n| group_name | Name of the group to which the endpoint belongs | string |\n| policy_id | Unique identifier of the policy assigned to the endpoint | string |\n| policy_name | Name of the policy assigned to the endpoint | string |\n| detection_id | Unique identifier of the detection as reported by the endpoint agent | string |\n| scanned_at | Timestamp of the scan (as received by the server) | string |\n| scanned_at_local | Timestamp of the scan 
(as reported by the endpoint agent) | string |\n| reported_at | Timestamp of when the detection was reported | string |\n| status | The status of the detection (i.e. `blocked`, `quarantined`) | string |\n| threat_name | Name of the threat | string |\n| type | Type of the threat | string |\n| path | Path where the threat was found | string |\n| category | Category of the threat | string |\n| ip_address | IP address of the detection, when applicable | string |\n| url | URL of the detection, when applicable | string |\n| port | Port of the detection, when applicable | string |\n| affected_application | Affected application, when applicable | string |\n| md5 | Hash of the file, when applicable | string |\n| process_name | Name of the process, when applicable | string |\n\n### Policy Events\n\n#### Policy Updated\n```json\n{\n \"event\":\"policy_events\",\n \"id\":\"a8accc52-9f8c-4319-a2fd-975641f0ba7d\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"POLICY_UPDATED\",\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"details\":{\n \"message\":\"Policy Updated\",\n \"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"user_email\":\"example@example.com\",\n \"user_name\":\"Mister User\",\n \"user_role\":\"Super Admin\",\n \"policy_id\":\"870de3fa-073e-468f-8d3a-a7edddeae594\",\n \"policy_name\":\"Aggressive Policy\",\n \"ip_address\":\"37.157.101.160\"\n },\n \"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"id\":\"579b0361-3e3f-4ab0-8453-84fc0f36f4e6\",\n \"created_at\":\"2020-08-28T10:35:32.637936426Z\"\n },\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\":\"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### Policy Created\n\n```json\n{\n \"event\":\"policy_events\",\n \"id\":\"40662e4a-60c7-4920-b788-59af13c2c23d\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"POLICY_CREATED\",\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"details\":{\n \"message\":\"Policy Created\",\n 
\"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"user_email\":\"example@example.com\",\n \"user_name\":\"Mister User\",\n \"user_role\":\"Super Admin\",\n \"policy_id\":\"b3bdce6e-a055-4246-b3a3-08237db82c9d\",\n \"policy_name\":\"My new Policy\",\n \"ip_address\":\"37.157.101.160\"\n },\n \"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"id\":\"c8e4d487-8167-4a46-8bf2-c6ee331abd1b\",\n \"created_at\":\"2020-08-28T11:01:49.015472172Z\"\n },\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\":\"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### Policy Deleted\n```json\n{\n \"event\":\"policy_events\",\n \"id\":\"4a88d17d-3f48-452e-a871-32584d9b26cf\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"POLICY_DELETED\",\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"details\":{\n \"message\":\"Policy Deleted\",\n \"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"user_email\":\"example@example.com\",\n \"user_name\":\"Mister User\",\n \"user_role\":\"Super Admin\",\n \"policy_id\":\"b3bdce6e-a055-4246-b3a3-08237db82c9d\",\n \"policy_name\":\"My new Policy\",\n \"ip_address\":\"37.157.101.160\"\n },\n \"user_id\":\"86d6c44f-2d0d-4225-b1f7-23f47b5d1a7b\",\n \"id\":\"ef09a4a9-5c9f-481c-beb6-4757ede35dc3\",\n \"created_at\":\"2020-08-28T11:03:15.655679621Z\"\n },\n \"account_id\":\"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\":\"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n### Machine Events\n\n#### Machine registered\n```json\n\n{\n \"event\":\"machine_events\",\n \"id\":\"43c1fbfd-788a-4839-86b6-b765dfdc59d5\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"MACHINE_REGISTERED\",\n \"machine_id\":\"0eed4a65-81a9-4cae-91e6-d8cd8dbd775a\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"My PC\",\n \"details\":{\n \"message\":\"New machine registered\"\n },\n \"id\":\"ccb84b33-2d8e-4dcb-94a0-922fc669ce4a\",\n 
\"created_at\":\"2020-08-28T11:28:05.083699037Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"5032842b-0dd1-44f4-a59e-feadc22c142d\"\n}\n```\n\n#### Machine unregistered\n```json\n{\n \"event\": \"machine_events\",\n \"id\": \"3883b459-b3c8-40d5-999a-18514f1a3db0\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"machine_id\": \"d5536936-941a-4e12-9e62-b11cda0f39a6\",\n \"id\": \"d7653c62-eb23-4163-8cfc-43ef69aea9ad\",\n \"created_at\": \"2022-03-30T13:11:52.925005454Z\",\n \"machine_name\": \"LeBlanc\",\n \"details\": {\n \"message\": \"machine unregistered\",\n \"timeout\": false\n },\n \"type\": \"MACHINE_UNREGISTERED\"\n },\n \"subscription_id\": \"3dc2a8d9-eb83-4127-afff-8fefa04f58e1\"\n}\n```\n\n#### Machine asset info\n```json\n{\n \"event\":\"machine_events\",\n \"id\":\"9ecdd1c2-eb50-4baa-be81-823897ebd55e\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"MACHINE_ASSET_INFO\",\n \"machine_id\":\"cf406788-edea-4938-b0db-757379d21e11\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"Asset information received\"\n },\n \"id\":\"93ba7d7c-fcf4-43fd-9df8-8d857d6d3cd0\",\n \"created_at\":\"2020-08-28T11:29:08.290089258Z\"\n }\n}\n```\n\n#### Machine group changed\n```json\n{\n \"event\":\"machine_events\",\n \"id\":\"7541515f-95f7-49d3-8913-9cb31c0aa927\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"MACHINE_GROUP_CHANGED\",\n \"machine_id\":\"36b53eb8-45f0-46c7-a395-1aa361f09021\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"NewEndpoint moved from Default Group to New Test Group ihg21jhkee5mhmr\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n 
\"user_name\":\"Webhooks Tests\",\n \"machine_id\":\"36b53eb8-45f0-46c7-a395-1aa361f09021\",\n \"machine_name\":\"NewEndpoint\"\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"d9613bf2-e5c5-4bce-9bf8-e138c792bc6b\",\n \"created_at\":\"2020-08-28T11:30:09.249131849Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"5032842b-0dd1-44f4-a59e-feadc22c142d\"\n}\n```\n\n#### Machine alias created\n```json\n{\n \"event\": \"machine_events\",\n \"id\": \"50be8bed-d2e9-4a85-9bfa-6ccecd98137e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"MACHINE_ALIAS_CREATED\",\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"user_id\": \"ea1b004e-5fd2-4fbc-bf09-5a00023704d0\",\n \"id\": \"659dc314-a9a0-41c5-bde4-26f293947ede\",\n \"created_at\": \"2021-03-01T10:19:31.732122237Z\",\n \"details\": {\n \"machine_id\": \"dc190e62-5424-4975-9913-1d84aec39300\",\n \"new_alias\": \"Endpoint name\"\n }\n },\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"subscription_id\": \"95dbb4e0-3cf2-4d81-a312-2ea6b6e7202c\"\n}\n```\n\n#### Machine alias changed\n```json\n{\n \"event\": \"machine_events\",\n \"id\": \"5563e7f9-3d04-48f0-b276-531fdff0b637\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"MACHINE_ALIAS_CHANGED\",\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"user_id\": \"ea1b004e-5fd2-4fbc-bf09-5a00023704d0\",\n \"id\": \"e38e8b75-a0e5-4794-bb05-f3ee4d5deed8\",\n \"created_at\": \"2021-03-01T10:19:32.14157065Z\",\n \"details\": {\n \"machine_id\": \"dc190e62-5424-4975-9913-1d84aec39300\",\n \"old_alias\": \"Endpoint name\",\n \"new_alias\": \"Changed endpoint name\"\n }\n },\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"subscription_id\": \"95dbb4e0-3cf2-4d81-a312-2ea6b6e7202c\"\n}\n```\n\n#### Machine alias deleted\n```json\n{\n \"event\": \"machine_events\",\n \"id\": \"6b30f551-2f7a-4170-bf7b-0a1175ad10df\",\n \"payload\": {\n \"severity\": 
\"INFO\",\n \"type\": \"MACHINE_ALIAS_DELETED\",\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"user_id\": \"ea1b004e-5fd2-4fbc-bf09-5a00023704d0\",\n \"id\": \"6b84564f-503d-4c60-bae7-c54f8092911b\",\n \"created_at\": \"2021-03-01T10:19:59.212023675Z\",\n \"details\": {\n \"machine_id\": \"8b18023a-d108-420d-b435-c4b0132c1a6e\",\n \"old_alias\": \"New endpoint name\"\n }\n },\n \"account_id\": \"08496dca-fc09-4757-9573-c033ce078985\",\n \"subscription_id\": \"95dbb4e0-3cf2-4d81-a312-2ea6b6e7202c\"\n}\n```\n\n### Exclusion events\n\n#### Exclusion created\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"3a1ff38c-0246-42e6-a859-06cfa4a3d4db\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_CREATED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"An Exclusion was Added\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n \"exclusion_type\":1,\n \"exclusion_value\":\"C:/testCreateExclusion/happypathihg21jhkee5l5na.txt\",\n \"global_exclusion\":true\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"cfe2c8ae-6803-4c24-9f35-dfea16e902d9\",\n \"created_at\":\"2020-08-28T11:29:06.745315507Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n#### Exclusion updated\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"f6080c78-4d52-4593-935d-c33a85c7cd44\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_UPDATED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"An Exclusion was Edited\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n 
\"exclusion_type\":6,\n \"exclusion_value\":\"https://www.malwarebytesihg21jhkee5lbib.com/\",\n \"global_exclusion\":true\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"31243b63-9b24-4dc9-b7f3-d5e2eb210496\",\n \"created_at\":\"2020-08-28T11:29:14.236333504Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n#### Exclusion enabled\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"f1277c42-8fb6-4615-ba3d-b4cdb00b1e78\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_ENABLED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"An Exclusion was Enabled\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n \"exclusion_type\":6,\n \"exclusion_value\":\"https://www.malwarebytesihg21jhkee5lh9c.com/\",\n \"global_exclusion\":true\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"2833e903-955a-48a3-8a5d-8e05c1e8f75f\",\n \"created_at\":\"2020-08-28T11:29:21.690971637Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n#### Exclusion deleted\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"7ba0355e-44d9-4f5c-a5a0-2884b783c465\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_DELETED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"An Exclusion was Deleted\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n \"exclusion_type\":1,\n \"exclusion_value\":\"C:/testCreateExclusion/happypathihg21jhkee5ls7x.txt\",\n \"global_exclusion\":true\n },\n 
\"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"03fc92e0-4e17-4ab8-9b85-cd74fa521660\",\n \"created_at\":\"2020-08-28T11:29:36.655423399Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n#### Exclusion disabled\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"f54f8b33-95ba-4591-96f8-d3dbfce7264d\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_DISABLED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"An Exclusion was Disabled\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n \"exclusion_type\":6,\n \"exclusion_value\":\"https://www.malwarebytesihg21jhkee5ln0w.com/\",\n \"global_exclusion\":true\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"126430b1-8d09-4356-8533-524231a7aee9\",\n \"created_at\":\"2020-08-28T11:29:29.158586114Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n#### Exclusion bulk delete\n```json\n{\n \"event\":\"exclusion_events\",\n \"id\":\"1bf018a2-d93e-48a5-be17-579f1f4c8bac\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"EXCLUSION_BULK_DELETED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"Bulk Exclusions were Deleted\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"user_role\":\"Super Admin\",\n \"exclusion_count\":2\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"a0d18178-f772-48bd-bc12-8c421b4dacc1\",\n \"created_at\":\"2020-08-28T11:29:45.054762536Z\"\n },\n 
\"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf65f446-e88f-409e-accf-de7f371013a2\"\n}\n```\n\n### Threat events\n\n#### Threat found\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"ebaef39a-40fd-4575-9fe7-2e07fd04d76f\",\n \"payload\":{\n \"severity\":\"SEVERE\",\n \"type\":\"THREAT_FOUND\",\n \"machine_id\":\"b11220d5-60f5-4f25-adf1-03bebd14f2f2\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"Webhook validator\",\n \"details\":{\n \"message\":\"Scan event notification\"\n },\n \"id\":\"5984e884-8f7b-407a-892e-51bea5fa86e2\",\n \"created_at\":\"2020-08-28T11:29:08.496072781Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n#### Threat scan success\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"8eb6aabb-9a70-44d8-b767-5ceedf80893b\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"THREAT_SCAN_SUCCESS\",\n \"machine_id\":\"b11220d5-60f5-4f25-adf1-03bebd14f2f2\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"Webhook validator\",\n \"details\":{\n \"message\":\"Threat scan result received\"\n },\n \"id\":\"10032184-9bfb-42b0-aab1-678b5cef859f\",\n \"created_at\":\"2020-08-28T11:29:08.46647437Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n#### Threat cleaned\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"a01f1de7-a072-4a98-b728-425706318cf8\",\n \"payload\":{\n \"severity\":\"WARNING\",\n \"type\":\"THREAT_CLEANED\",\n \"machine_id\":\"06667ced-ed77-4cb5-bf17-ab45a6457ec6\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"Scan event notification\",\n \"scan_id\":\"4169c48d-2c03-40fd-8965-240e6d6b94f9\",\n \"scan_type\":\"ThreatScan\",\n \"group_name\":\"Default Group\",\n 
\"group_id\":\"513cf384-d53d-44b9-9813-db69a0e12d16\",\n \"policy_id\":\"138d00b0-05d0-4370-bd0e-d8b9db66dd0f\",\n \"policy_name\":\"Default Policy\",\n \"detections_found\":0,\n \"detections_cleaned\":1,\n \"scan_date\":\"2020-08-28T11:29:25Z\",\n \"scan_date_offset_seconds\":0,\n \"domain\":\"corp.mb-test.com\",\n \"ip_addresses\":[\n \"10.100.136.53\"\n ],\n \"detections\":[\n {\n \"id\":\"544064a5-b1bb-439b-b4df-2536d5949cfe\",\n \"trace_id\":\"4169c48d-2c03-40fd-8965-240e6d6b94f9_7fccf164-95bd-4035-a9bc-48a6dcf510c8\",\n \"scan_id\":\"4169c48d-2c03-40fd-8965-240e6d6b94f9\",\n \"machine_id\":\"06667ced-ed77-4cb5-bf17-ab45a6457ec6\",\n \"machine_name\":\"NewEndpoint\",\n \"group_id\":\"513cf384-d53d-44b9-9813-db69a0e12d16\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"detection_id\":\"7fccf164-95bd-4035-a9bc-48a6dcf510c8\",\n \"parent_detection_id\":\"\",\n \"correlation_hash\":\"\",\n \"scanned_at\":\"2020-08-28T11:29:25Z\",\n \"scanned_at_offset_seconds\":0,\n \"reported_at\":\"2020-08-28T11:29:26.138544Z\",\n \"cleaned_at\":\"0001-01-01T00:00:00Z\",\n \"status\":\"quarantined\",\n \"threat_name\":\"PUP.Optional.FooBar\",\n \"type\":\"WyJmaWxlIl0=\",\n \"path\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\c8e09e6a-6619-44f3-9b5c-f7a15d258aeb.EXE\",\n \"category\":\"PUP\",\n \"is_rtp_stream_event\":false,\n \"affected_application\":\"\",\n \"md5\":\"\",\n \"process_name\":\"\",\n \"GroupName\":\"\",\n \"PolicyID\":\"\",\n \"PolicyName\":\"\",\n \"CurrentGroupID\":\"00000000-0000-0000-0000-000000000000\"\n }\n ]\n },\n \"id\":\"26c47666-02a2-452c-b382-07942372d0df\",\n \"created_at\":\"2020-08-28T11:29:26.191675412Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n#### Threat remediate success\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"2cc1807e-9b33-4de0-9d50-c240839bc79a\",\n \"payload\":{\n \"severity\":\"INFO\",\n 
\"type\":\"THREAT_REMEDIATE_SUCCESS\",\n \"machine_id\":\"a0f29eef-257a-4101-a814-074ee462c949\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"\"\n },\n \"id\":\"155f60f3-8128-446c-b409-580fad9b247f\",\n \"created_at\":\"2020-08-28T11:30:31.264848509Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n#### Threat remediate failure\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"99def8df-e1c7-4558-9287-009d3d87949e\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"THREAT_REMEDIATE_FAILURE\",\n \"machine_id\":\"40919ac8-a2cd-458d-ba49-8af92c19ca54\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"\"\n },\n \"id\":\"22f8269a-8e1f-4b22-a29a-b7d16b6bc376\",\n \"created_at\":\"2020-08-28T11:30:57.669921894Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n#### Threat found\n```json\n{\n \"event\":\"threat_events\",\n \"id\":\"d9cd9bc7-b5c2-49b3-88ca-9682ffe015ca\",\n \"payload\":{\n \"severity\":\"SEVERE\",\n \"type\":\"THREAT_FOUND\",\n \"machine_id\":\"58e326bc-de1f-49a6-926f-def0065275b3\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"Scan event notification\",\n \"scan_id\":\"1dad28d1-7a34-40df-96dc-4ee9781e9363\",\n \"scan_type\":\"ThreatScan\",\n \"group_name\":\"Default Group\",\n \"group_id\":\"513cf384-d53d-44b9-9813-db69a0e12d16\",\n \"policy_id\":\"138d00b0-05d0-4370-bd0e-d8b9db66dd0f\",\n \"policy_name\":\"Default Policy\",\n \"detections_found\":1,\n \"detections_cleaned\":0,\n \"scan_date\":\"2020-08-28T11:29:25Z\",\n \"scan_date_offset_seconds\":0,\n \"domain\":\"corp.mb-test.com\",\n \"ip_addresses\":[\n \"10.100.136.53\"\n 
],\n \"detections\":[\n {\n \"id\":\"e659d7d7-7bc3-49e2-b3e7-7a44bf37753e\",\n \"trace_id\":\"1dad28d1-7a34-40df-96dc-4ee9781e9363_f596c2bf-f55c-4fa9-8dfa-17861ca8e84b\",\n \"scan_id\":\"1dad28d1-7a34-40df-96dc-4ee9781e9363\",\n \"machine_id\":\"58e326bc-de1f-49a6-926f-def0065275b3\",\n \"machine_name\":\"NewEndpoint\",\n \"group_id\":\"513cf384-d53d-44b9-9813-db69a0e12d16\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"detection_id\":\"f596c2bf-f55c-4fa9-8dfa-17861ca8e84b\",\n \"parent_detection_id\":\"\",\n \"correlation_hash\":\"\",\n \"scanned_at\":\"2020-08-28T11:29:25Z\",\n \"scanned_at_offset_seconds\":0,\n \"reported_at\":\"2020-08-28T11:29:25.763388Z\",\n \"cleaned_at\":\"0001-01-01T00:00:00Z\",\n \"status\":\"found\",\n \"threat_name\":\"PUP.Optional.FooBar\",\n \"type\":\"WyJmaWxlIl0=\",\n \"path\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\80febe47-44fe-4b5e-9549-4677b5d8dc8d.EXE\",\n \"category\":\"PUP\",\n \"is_rtp_stream_event\":false,\n \"affected_application\":\"\",\n \"md5\":\"\",\n \"process_name\":\"\",\n \"GroupName\":\"\",\n \"PolicyID\":\"\",\n \"PolicyName\":\"\",\n \"CurrentGroupID\":\"00000000-0000-0000-0000-000000000000\"\n }\n ]\n },\n \"id\":\"41668db4-af52-4547-84eb-f68a4ed55cb2\",\n \"created_at\":\"2020-08-28T11:29:25.818909871Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"820e96cd-0fd4-4ed7-af74-8d1896322a3a\"\n}\n```\n\n### EDR events\n\n#### Suspicious activity detection\n\n```json\n{\n \"event\": \"edr_events\",\n \"id\": \"48d1658e-87d8-4df4-87a8-27cecded2174\",\n \"payload\": {\n \"severity\": \"WARNING\",\n \"type\": \"EDR_SUSPICIOUS_ACTIVITY\",\n \"account_id\": \"683645cb-edf4-4a81-aa1f-efd87c53851d\",\n \"machine_id\": \"3a89e0b2-47db-4fe2-b6ba-8cd520bc5833\",\n \"id\": \"31cc7f69-4def-4291-89b8-6f7defb5b702\",\n \"created_at\": \"2021-03-10T15:09:45.055891846Z\",\n \"details\": {\n \"message\": \"C:\\\\REG-DISABLE-CMD359B71O4LKM3KQO3G.EXE\"\n },\n 
\"machine_name\": \"NewEndpoint\"\n },\n \"account_id\": \"683645cb-edf4-4a81-aa1f-efd87c53851d\",\n \"subscription_id\": \"c817dbda-95f5-4956-a6db-cc070ff0bd6d\"\n}\n```\n\n#### Restore success\n\n```json\n{\n \"event\":\"edr_events\",\n \"id\":\"ae69d649-bd12-4948-9c98-342ba890f9a3\",\n \"payload\":\n {\n \"severity\":\"INFO\",\n \"type\":\"EDR_RESTORE_SUCCESS\",\n \"machine_id\":\"7f0d7483-92a8-4da5-9754-f7c16e4c3105\",\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\":{\"message\":\"\"},\n \"id\":\"64a6fdef-31f1-4ec8-8c2a-a3d2c2f1f290\",\n \"machine_name\":\"NewEndpoint\",\n \"created_at\":\"2020-08-31T10:51:50.396082575Z\"\n },\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\":\"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n#### Restore failure\n\n```json\n{\n \"event\":\"edr_events\",\n \"id\":\"9abec3e1-99ec-4af6-9ef1-e56453b402e8\",\n \"payload\":\n {\n \"severity\":\"INFO\",\n \"type\":\"EDR_RESTORE_FAILURE\",\n \"machine_id\":\"a207f475-7e6d-4c0d-8664-f8ddb6c1bb8a\",\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\":{\"message\":\"\"},\n \"id\":\"1ae86c7a-9b45-4f8d-800b-cc5885964737\",\n \"machine_name\":\"NewEndpoint\",\n \"created_at\":\"2020-08-31T10:52:16.910215996Z\"\n },\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\":\"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n#### Isolation success\n\n```json\n{\n \"event\":\"edr_events\",\n \"id\":\"7866c914-b4f9-4e99-8002-501079b2ca86\",\n \"payload\":\n {\n \"severity\":\"INFO\",\n \"type\":\"EDR_ISOLATION_SUCCESS\",\n \"machine_id\":\"f468073b-8715-49e4-a51f-903b86d8a57e\",\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\":{\n \"message\":\"Endpoint isolation succeeded\"\n },\n \"id\":\"1c2b8b90-56d5-4bfd-97c1-073b0a4ea184\",\n \"machine_name\":\"NewEndpoint\",\n \"created_at\":\"2020-08-31T10:52:43.345700926Z\"\n },\n 
\"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\":\"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n#### Isolation failure\n\n```json\n{\n \"event\":\"edr_events\",\n \"id\":\"b7265e89-c05f-4c9f-bc1b-d5ef1cbf2439\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"EDR_ISOLATION_FAILURE\",\n \"machine_id\":\"0361f318-4f01-4cef-8c5b-580f721eae8f\",\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\":{\n \"message\":\"Endpoint isolation failed\"\n },\n \"id\":\"c64d1c74-8cf5-4afa-91ec-23e87c735b05\",\n \"machine_name\":\"NewEndpoint\",\n \"created_at\":\"2020-08-31T10:53:09.878218526Z\"\n },\n \"account_id\":\"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\":\"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n#### Unisolation success\n\n```json\n{\n \"event\": \"edr_events\",\n \"id\": \"002e4f0a-2911-4ccb-aeb6-08d4ee5696de\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"EDR_UNISOLATION_SUCCESS\",\n \"machine_id\": \"f1e3a297-0039-4fb6-b736-e14e10a7b3c7\",\n \"account_id\": \"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\": {\n \"message\": \"Endpoint un-isolation succeeded\"\n },\n \"id\": \"5d8f7034-1d4c-4551-a4f7-d54d85de4dcd\",\n \"machine_name\": \"NewEndpoint\",\n \"created_at\": \"2020-08-31T10:53:36.517826109Z\"\n },\n \"account_id\": \"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\": \"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n#### Unisolation failure\n\n```json\n{\n \"event\": \"edr_events\",\n \"id\": \"0c3b07b2-4a3f-4b88-9d60-314d0fdf8314\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"EDR_UNISOLATION_FAILURE\",\n \"machine_id\": \"0f92d8e2-c9a1-4666-9e05-deb63a139ca7\",\n \"account_id\": \"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"details\": {\n \"message\": \"Endpoint un-isolation failed\"\n },\n \"id\": \"60ed3071-19d3-4d56-8818-842666d356e6\",\n \"machine_name\": \"NewEndpoint\",\n \"created_at\": 
\"2020-08-31T10:54:03.055317564Z\"\n },\n \"account_id\": \"caef93d6-92bc-4731-a51f-f61685cca765\",\n \"subscription_id\": \"ea725d97-11c2-4a34-9022-221b347c731d\"\n}\n```\n\n### Syslog events\n\n#### Communication endpoint added\n\n```json\n{\n \"event\":\"syslog_events\",\n \"id\":\"59936c65-d1ad-4fb9-8e6f-191a7dc94d4c\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"SYSLOG_COMMUNICATION_ENDPOINT_ADDED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com Added Syslog Communication Endpoint\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"machine_id\":\"e21c1572-cbf5-4f41-a8f2-f520b752b244\",\n \"machine_name\":\"NewEndpoint\"\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"4663c1b1-86ba-4ae8-aab9-bbb33892bdc0\",\n \"created_at\":\"2020-08-28T11:29:26.553694088Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"d5d7d7aa-43f0-483a-913a-49f3e282b964\"\n}\n```\n\n#### Communication endpoint removed\n```json\n{\n \"event\":\"syslog_events\",\n \"id\":\"5e3a440b-b6b3-4c17-a6af-1593419ceecc\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"SYSLOG_COMMUNICATION_ENDPOINT_REMOVED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com Removed Syslog Communication Endpoint\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"machine_id\":\"e21c1572-cbf5-4f41-a8f2-f520b752b244\",\n \"machine_name\":\"NewEndpoint\"\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"dd6ccb44-0cfb-4c92-8080-2b77637e809a\",\n \"created_at\":\"2020-08-28T11:29:33.371490102Z\"\n },\n 
\"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"d5d7d7aa-43f0-483a-913a-49f3e282b964\"\n}\n```\n\n#### Communication endpoint disabled\n```json\n{\n \"event\":\"syslog_events\",\n \"id\":\"22c64b19-2a10-429f-b785-4db3ea0876bb\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"SYSLOG_COMMUNICATION_ENDPOINT_DISABLED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com Disabled Syslog Communication Endpoint\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"machine_id\":\"e21c1572-cbf5-4f41-a8f2-f520b752b244\",\n \"machine_name\":\"NewEndpoint\"\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"e4856d8e-c00f-4e96-a1e2-58d89bed0813\",\n \"created_at\":\"2020-08-28T11:29:40.182107484Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"d5d7d7aa-43f0-483a-913a-49f3e282b964\"\n}\n```\n\n#### Communication endpoint enabled\n```json\n{\n \"event\":\"syslog_events\",\n \"id\":\"552c6be3-fdf2-4350-9a2e-1f90fa5feb39\",\n \"payload\":{\n \"severity\":\"AUDIT\",\n \"type\":\"SYSLOG_COMMUNICATION_ENDPOINT_ENABLED\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"details\":{\n \"message\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com Enabled Syslog Communication Endpoint\",\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"user_email\":\"tagalileogalilei+ihg21jbkee5i0f0@gmail.com\",\n \"user_name\":\"Webhooks Tests\",\n \"machine_id\":\"e21c1572-cbf5-4f41-a8f2-f520b752b244\",\n \"machine_name\":\"NewEndpoint\"\n },\n \"user_id\":\"d10235ef-e177-4c31-a2b7-ea40a80e6824\",\n \"id\":\"08bc431c-0e68-47e7-848d-56ed5ae54952\",\n \"created_at\":\"2020-08-28T11:29:46.987196405Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n 
\"subscription_id\":\"d5d7d7aa-43f0-483a-913a-49f3e282b964\"\n}\n```\n\n### Scheduled events\n\n#### Scheduled threat scan success\n```json\n{\n \"event\":\"scheduled_events\",\n \"id\":\"2bfccc7d-0706-4fda-a32f-24016d19dc94\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"SCHEDULED_THREAT_SCAN_SUCCESS\",\n \"machine_id\":\"cf406788-edea-4938-b0db-757379d21e11\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"scan_id\":\"86412100-2b43-4c44-af9e-fb1697b2f019\",\n \"schedule_id\":\"047cb2f2-2bb9-43e7-974e-625c451bf21e\",\n \"schedule_name\":\"Daily Scan\",\n \"schedule_command_data\":\"{\\\"schedule_for_chromeos\\\":true,\\\"schedule_for_mac\\\":true,\\\"schedule_for_windows\\\":true,\\\"scan_settings\\\":{\\\"type\\\":\\\"ThreatScan\\\",\\\"remove\\\":true},\\\"mac_scan_settings\\\":{\\\"remove\\\":true,\\\"pup_detection\\\":\\\"Detect\\\"},\\\"chromeos_scan_settings\\\":{}}\"\n },\n \"id\":\"f2816da1-5244-4338-a85e-0809da72d77c\",\n \"created_at\":\"2020-08-28T11:29:26.403277042Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf5031f5-e0cb-4bf9-a581-fdf5c6289906\"\n}\n```\n\n#### Scheduled threat scan failure\n```json\n{\n \"event\":\"scheduled_events\",\n \"id\":\"fac11237-7602-427f-ad6f-c230c138d774\",\n \"payload\":{\n \"severity\":\"WARNING\",\n \"type\":\"SCHEDULED_THREAT_SCAN_FAILURE\",\n \"machine_id\":\"fc2b39dc-d49a-4a62-b1db-f1c9239e4f13\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"scan_id\":\"00000000-0000-0000-0000-000000000000\",\n \"schedule_id\":\"047cb2f2-2bb9-43e7-974e-625c451bf21e\",\n \"schedule_name\":\"Daily Scan\",\n 
\"schedule_command_data\":\"{\\\"schedule_for_chromeos\\\":true,\\\"schedule_for_mac\\\":true,\\\"schedule_for_windows\\\":true,\\\"scan_settings\\\":{\\\"type\\\":\\\"ThreatScan\\\",\\\"remove\\\":true},\\\"mac_scan_settings\\\":{\\\"remove\\\":true,\\\"pup_detection\\\":\\\"Detect\\\"},\\\"chromeos_scan_settings\\\":{}}\"\n },\n \"id\":\"6f8b5e95-382e-44ef-9621-1921cad7b952\",\n \"created_at\":\"2020-08-28T11:29:52.346309401Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"cf5031f5-e0cb-4bf9-a581-fdf5c6289906\"\n}\n```\n\n### Quarantine events\n\n#### Quarantine deleted\n```json\n{\n \"event\":\"quarantine_events\",\n \"id\":\"38fadc7a-c7e6-4562-a29e-c411cdc2d85e\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"QUARANTINE_DELETED\",\n \"machine_id\":\"06667ced-ed77-4cb5-bf17-ab45a6457ec6\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\c8e09e6a-6619-44f3-9b5c-f7a15d258aeb.EXE\",\n \"detection_id\": \"b271af4a-8967-4916-9045-c27cbe1c8f36\"\n },\n \"id\":\"1534989f-f720-40d3-b4a8-d2640c8127c4\",\n \"created_at\":\"2020-08-28T11:29:26.992510864Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"3471740f-aaa8-4e2c-8695-2bfb3e378d61\"\n}\n```\n\n#### Quarantine restored\n```json\n{\n \"event\":\"quarantine_events\",\n \"id\":\"56098088-35ce-44e2-ad1e-1d394580d7b2\",\n \"payload\":{\n \"severity\":\"INFO\",\n \"type\":\"QUARANTINE_RESTORED\",\n \"machine_id\":\"23f22e64-d7d0-4134-9e0a-df2d4372d42f\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\895705b2-4924-4a58-9f57-38bf17190f0e.EXE\",\n \"detection_id\": \"b271af4a-8967-4916-9045-c27cbe1c8f36\"\n },\n \"id\":\"851d94de-38f9-4f13-983c-1240e5847bac\",\n 
\"created_at\":\"2020-08-28T11:30:22.246451515Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"3471740f-aaa8-4e2c-8695-2bfb3e378d61\"\n}\n```\n\n#### Restore quarantine fail\n```json\n{\n \"event\":\"quarantine_events\",\n \"id\":\"23e86e5f-41ba-4227-9b99-d4d0f6aaf0bb\",\n \"payload\":{\n \"severity\":\"WARNING\",\n \"type\":\"QUARANTINE_RESTORE_FAIL\",\n \"machine_id\":\"f5271fe1-1d4b-462f-97a3-c1c610e6ba80\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\5d2c45f2-a076-4bdb-8cf0-060fa6bb486f.EXE\",\n \"detection_id\": \"b271af4a-8967-4916-9045-c27cbe1c8f36\"\n },\n \"id\":\"844d1e23-0e34-4237-bc2d-972758d67a90\",\n \"created_at\":\"2020-08-28T11:30:48.946977118Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"3471740f-aaa8-4e2c-8695-2bfb3e378d61\"\n}\n```\n\n#### Delete quarantine fail\n\n```json\n{\n \"event\":\"quarantine_events\",\n \"id\":\"308c0fcf-90e9-4036-a572-82de8aeb5075\",\n \"payload\":{\n \"severity\":\"WARNING\",\n \"type\":\"QUARANTINE_DELETE_FAIL\",\n \"machine_id\":\"4d59b887-34ad-49a2-a103-1ba24dd790f1\",\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"machine_name\":\"NewEndpoint\",\n \"details\":{\n \"message\":\"C:\\\\\\\\USERS\\\\\\\\ADMIN\\\\\\\\DESKTOP\\\\\\\\3e7e7a17-969a-4d07-8126-fe62f3b26e82.EXE\",\n \"detection_id\": \"b271af4a-8967-4916-9045-c27cbe1c8f36\"\n },\n \"id\":\"eabbd68e-ca6e-4ec9-aa9a-2e448e9983d5\",\n \"created_at\":\"2020-08-28T11:29:55.416828312Z\"\n },\n \"account_id\":\"47632e8c-f125-4875-8d5b-ab24275c90a8\",\n \"subscription_id\":\"3471740f-aaa8-4e2c-8695-2bfb3e378d61\"\n}\n```\n\n### Users Events\n\n#### User invited\n```json\n{\n \"event\": \"user_events\",\n \"id\": \"d3f25ec6-e943-495a-b251-f73dca979c1e\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"type\": \"USER_INVITED\",\n 
\"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"id\": \"d38df30e-5601-40fb-92d1-c6cc55086fce\",\n \"created_at\": \"2021-03-10T12:56:26.316135667Z\",\n \"details\": {\n \"message\": \"Email: tifiy10802@566dh.com, Role: Super Admin\",\n \"ip_address\": \"90.191.127.234\",\n \"invited_by\": \"avitella@malwarebytes.com\",\n \"invitee_role\": \"SuperAdmin\",\n \"invitee_groupIDs\": null,\n \"invitee_email\": \"tifiy10802@566dh.com\",\n \"invitee_allGroupsAccess\": true\n }\n },\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\": \"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### User verified\n```json\n{\n \"event\": \"user_events\",\n \"id\": \"81ca10e2-73fa-4008-b391-f0efe63e3ca5\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"type\": \"USER_VERIFIED\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"user_id\": \"a1b739d8-ad84-4730-bb92-252d372ebee4\",\n \"id\": \"878c484f-73d0-4482-8e38-7a8953059074\",\n \"created_at\": \"2021-03-10T12:57:46.961165627Z\",\n \"details\": {\n \"message\": \"tifiy10802@566dh.com\"\n }\n },\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\": \"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### User role updated\n```json\n{\n \"event\": \"user_events\",\n \"id\": \"a5696568-490b-44cb-83d3-b97c27b5c272\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"type\": \"USER_ROLE_UPDATED\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"id\": \"b6eaceeb-b66a-4f3c-b2d3-1928f959a04d\",\n \"created_at\": \"2021-03-10T12:59:19.612242246Z\",\n \"details\": {\n \"message\": \"Changed the role for user test (tifiy10802@566dh.com) from Super Admin to Admin\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"user_email\": \"avitella@malwarebytes.com\",\n \"user_name\": \"Alessio Vitella\"\n }\n },\n 
\"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\": \"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### User group role updated\n```json\n{\n \"event\": \"user_events\",\n \"id\": \"700e2e19-7dd5-4dc9-aa75-436bc4ce4449\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"type\": \"USER_GROUP_ACCESS_UPDATED\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"id\": \"9e3b48c9-3fee-46dd-807a-3f567205feeb\",\n \"created_at\": \"2021-03-10T12:59:34.6325247Z\",\n \"details\": {\n \"message\": \"Group access updated for user test (tifiy10802@566dh.com)\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"user_email\": \"avitella@malwarebytes.com\",\n \"user_name\": \"Alessio Vitella\"\n }\n },\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\": \"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n#### User deleted\n```json\n{\n \"event\": \"user_events\",\n \"id\": \"acd4187a-df1e-45bf-8ef7-ef8e666c8ad1\",\n \"payload\": {\n \"severity\": \"AUDIT\",\n \"type\": \"USER_DELETED\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"user_id\": \"c79a9d0b-7fc5-413c-8161-182873f7870f\",\n \"id\": \"f60d1cb0-ed06-4de9-bedd-ea3081df9c0d\",\n \"created_at\": \"2021-03-10T13:01:08.21154784Z\",\n \"details\": {\n \"message\": \"tifiy10802@566dh.com was deleted by user avitella@malwarebytes.com\",\n \"deleted_by\": \"avitella@malwarebytes.com\",\n \"ip_address\": \"90.191.127.234\"\n }\n },\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"subscription_id\": \"f43dc73b-2709-4d6f-9c79-08abc815114b\"\n}\n```\n\n### Device control events\n\n#### Drive blocked\n```json\n{\n \"event\": \"drive_events\",\n \"id\": \"60de6386-56d9-4b18-b0dd-8cf75e53665e\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n 
\"machine_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39\",\n \"id\": \"83418205-78d2-453b-b15e-b8ac3e6efc21\",\n \"created_at\": \"2022-02-09T15:36:57.7484112Z\",\n \"action\": \"blocked\",\n \"type\": \"DRIVE_BLOCKED\",\n \"details\": {\n \"group_id\": \"39a36fde-49ae-416b-9e68-112d9bfa1945\",\n \"group_name\": \"PMP DNS Lite\",\n \"policy_id\": \"833bd822-e2a6-44e8-a7b6-92ca1edae4c0\",\n \"policy_name\": \"DNS Lite\",\n \"metadata\": {\n \"timestamp\": \"2022-02-09T15:36:57.7484112Z\",\n \"physical_disk_name\": \"Walgreen Infinitive USB Device\",\n \"pnp_device_id\": \"USBSTOR\\\\DISK&VEN_WALGREEN&PROD_INFINITIVE&REV_1.00\\\\4C530001030323105095&0\",\n \"device_id\": \"\\\\\\\\.\\\\PHYSICALDRIVE1\",\n \"disk_interface\": \"USB\",\n \"manufacturer\": \"Zia Caterina\",\n \"serial_number\": \"4C530001030323105095\",\n \"drive_compressed\": false,\n \"file_system\": \"NTFS\",\n \"volume_name\": \"E:\",\n \"volume_serial\": \"44D9870F\",\n \"volume_device_path\": \"\\\\Device\\\\HarddiskVolume8\",\n \"block_status\": \"blocked\",\n \"driver_metadata\": {\n \"DevicePath\": \"\\\\DEVICE\\\\HARDDISKVOLUME8\",\n \"FileSystemFlags\": 65472255,\n \"FileSystemName\": \"NTFS\",\n \"MaximumComponentLength\": 255,\n \"VolumeMountPoints\": [\n \"E:\\\\\"\n ],\n \"VolumeName\": \"USB\",\n \"VolumePath\": \"\\\\\\\\?\\\\Volume{0d619cc3-7d50-11ec-9bca-000c2972f401}\\\\\",\n \"VolumeSerialNumber\": \"1155106575\",\n \"schemaVersion\": 1\n }\n }\n },\n \"machine_name\": \"pmp-win10x64-00\"\n },\n \"subscription_id\": \"f8b2a2f5-1e11-4709-8256-9c17609b05d3\"\n}\n```\n\n### Vulnerability & Patch events\n\n#### Vulnerability found\n```json\n{\n \"event\": \"cve_events\",\n \"id\": \"e2ebad01-faaf-40c7-8b32-00c10ef6dc85\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39\",\n \"id\": 
\"fb839c2e-ae9a-48c0-9233-ed278ee06b30\",\n \"created_at\": \"2022-05-06T13:49:51.227357Z\",\n \"type\": \"CVE_ADDED\",\n \"details\": {\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"account_name\": \"Test Account1\",\n \"parent_account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39\",\n \"group_id\": \"39a36fde-49ae-416b-9e68-112d9bfa1945\",\n \"root_group_id\": \"39a36fde-49ae-416b-9e68-112d9bfa1945\",\n \"host_name\": \"TA-Win81x32-001\",\n \"fully_qualified_host_name\": \"TA-Win81x32-001\",\n \"display_name\": \"TA-Win81x32-001\",\n \"vendor\": \"Adobe Systems Inc.\",\n \"normalized_vendor\": \"adobe\",\n \"product\": \"Adobe Flash Player\",\n \"installed_version\": \"32.0.0.207\",\n \"created_at\": \"2022-05-06T13:49:49.893680453Z\",\n \"os_info\": {\n \"os_type\": \"Workstation\",\n \"os_version\": \"6.3.9600\",\n \"os_platform\": \"Windows\",\n \"os_architecture\": \"x86\",\n \"os_release_name\": \"Microsoft Windows 8.1 Enterprise\"\n },\n \"sort_id\": 1651844991145,\n \"cve_id\": \"CVE-2019-8075\",\n \"cisa_exploitable\": true,\n \"severity\": \"medium\",\n \"severity_score\": 58,\n \"published_at\": \"2019-09-27T16:15:00Z\",\n \"cvss30_score\": 7.5,\n \"cvss20_score\": 5,\n \"description\": \"Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. 
Successful exploitation could lead to Information Disclosure in the context of the current user.\",\n \"resolution\": {\n \"text\": \"Product is defunct, please uninstall it.\"\n },\n \"document_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39c6ba419679d8950eabad5c0385703f78CVE-2019-8075\",\n \"display_vendor\": \"adobe\",\n \"display_product\": \"Adobe Flash Player\",\n \"display_installed_version\": \"32.0.0.207\",\n \"version\": 0\n }\n },\n \"subscription_id\": \"f8b2a2f5-1e11-4709-8256-9c17609b05d3\"\n}\n```\n\n#### Patch available\n```json\n{\n \"event\": \"cve_events\",\n \"id\": \"dea7139e-5589-4d7a-b30c-3b8ed827c4fa\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39\",\n \"id\": \"9a608078-7192-4a68-bfce-ec35121a79f1\",\n \"created_at\": \"2022-05-06T13:49:51.22989Z\",\n \"type\": \"CVE_PATCH_AVAILABLE\",\n \"details\": {\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"account_name\": \"Test Account1\",\n \"parent_account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b39\",\n \"group_id\": \"39a36fde-49ae-416b-9e68-112d9bfa1945\",\n \"root_group_id\": \"39a36fde-49ae-416b-9e68-112d9bfa1945\",\n \"host_name\": \"TA-Win81x32-001\",\n \"fully_qualified_host_name\": \"TA-Win81x32-001\",\n \"display_name\": \"TA-Win81x32-001\",\n \"created_at\": \"2022-05-06T13:49:49.893680453Z\",\n \"sort_id\": 1651844991166,\n \"os_info\": {\n \"os_type\": \"Workstation\",\n \"os_version\": \"6.3.9600\",\n \"os_platform\": \"Windows\",\n \"os_architecture\": \"x86\",\n \"os_release_name\": \"Microsoft Windows 8.1 Enterprise\"\n },\n \"title\": \"Microsoft .NET Framework 4.8 for Windows 8.1 (KB4486105)\",\n \"description\": \"The Microsoft .NET Framework 4.8 is a highly compatible, in-place update for all the previous versions of .NET 
Framework 4.X. After you install this update, you may have to restart your computer.\",\n \"product\": \"Windows 8.1\",\n \"severity\": \"important\",\n \"category\": \"feature_pack\",\n \"security_update_id\": \"\",\n \"patch_id\": \"4486105\",\n \"released_at\": \"2020-01-14T05:00:00Z\",\n \"size\": 44044135,\n \"reboot_required\": true,\n \"document_id\": \"9278ff33-9989-47d1-ac1f-fc40381f3b394486105\",\n \"version\": 0\n }\n },\n \"subscription_id\": \"f8b2a2f5-1e11-4709-8256-9c17609b05d3\"\n}\n```\n\n#### Software updated\n```json\n{\n \"event\": \"cve_events\",\n \"id\": \"5168387e-41a7-47cd-b554-f5d49308c464\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"machine_name\": \"Avarosa\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"machine_id\": \"07386bfa-d493-41b3-bff1-db6dfe64e17f\",\n \"action\": \"COMPLETED\", // enum: [\"FAILED\",\"COMPLETED\"]\n \"details\": {\n \"application_name\": \"Microsoft Visual C++ Redistributable 2013\",\n \"current_version\": \"12.0.30501.0\",\n \"new_version\": \"12.0.40664.0\",\n \"product\": 3092,\n \"vendor\": \"microsoft\"\n },\n \"created_at\": \"2022-05-09T10:39:59.14429501Z\",\n \"id\": \"1f79149f-d38f-4c20-a09e-75f2debf812a\",\n \"type\": \"CVE_SOFTWARE_UPDATED\"\n },\n \"subscription_id\": \"a469cd25-4c0b-4e35-98cd-b2a01f09945d\"\n}\n```\n\n#### Patch applied\n```json\n{\n \"event\": \"cve_events\",\n \"id\": \"ff0edfda-6cae-4adc-9b4b-1b5f23002d4d\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"machine_name\": \"Avarosa\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"machine_id\": \"07386bfa-d493-41b3-bff1-db6dfe64e17f\",\n \"action\": \"COMPLETED\", // enum: [\"FAILED\",\"COMPLETED\",\"REBOOT_REQUIRED\"]\n \"details\": {\n \"category\": \"critical_update\",\n \"product\": \".NET Core 3.1\",\n \"severity\": \"important\",\n \"title\": \"2021-10 .NET Core 
3.1.20 Update for Windows 11 for x64 Client (KB5007050)\",\n \"vendor\": \"Armut Corp\",\n \"reboot_required\": false,\n \"description\": \"2021-10 .NET Core 3.1.20 Update for Windows 11 for x64 Client (KB5007050)\",\n \"date\": 1634277600,\n \"size\": 189019608,\n \"kb_id\": \"5007050\",\n \"security_update_id\": \"\"\n },\n \"created_at\": \"2022-05-09T10:40:31.848869068Z\",\n \"type\": \"CVE_PATCH_APPLIED\"\n },\n \"subscription_id\": \"a469cd25-4c0b-4e35-98cd-b2a01f09945d\"\n}\n```\n\n### DNS Content Filtering events\n\n#### DNS blocked\n\n```json\n{\n \"event\": \"dns_events\",\n \"id\": \"4974972d-36f6-4c0f-a687-626d33a98609\",\n \"account_id\": \"f9c1e231-891e-40a2-93a8-7666a527c67d\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"account_id\": \"f9c1e231-891e-40a2-93a8-7666a527c67d\",\n \"machine_id\": \"675c4b7a-335b-47c1-b71f-868f03ccf263\",\n \"created_at\": \"2022-09-01T15:32:12.706971938Z\",\n \"id\": \"0dcdf1c6-16fc-4bb7-b94f-ba1db2d5d4fb\",\n \"details\": {\n \"id\": \"bef4894f-d4e7-4cee-b52e-f15998c6ab49\",\n \"machine_id\": \"675c4b7a-335b-47c1-b71f-868f03ccf263\",\n \"group_id\": \"faafbf27-e166-45ce-bb16-f01f3a5b7ae1\",\n \"group_name\": \"Default Group\",\n \"account_id\": \"f9c1e231-891e-40a2-93a8-7666a527c67d\",\n \"parent_account_id\": \"f9c1e231-891e-40a2-93a8-7666a527c67d\",\n \"policy_id\": \"fa4331e7-989b-47b3-8f40-efff592d573c\",\n \"rule_id\": \"d25c4ec1-bb72-4d5a-8f4b-20cd131634d6\",\n \"rule_name\": \"no msnbc\",\n \"policy_name\": \"Default Policy\",\n \"action\": \"block\",\n \"log\": {\n \"colo_id\": 465,\n \"datetime\": \"2022-09-01T15:31:45Z\",\n \"device_id\": \"5f166267-2a09-11ed-99f4-7a63bd6fb789\",\n \"user_id\": \"721ab000-8a6c-4b54-858c-1b67f6d4a630\",\n \"dst_ip\": \"162.159.36.5\",\n \"src_ip\": \"98.207.10.35\",\n \"email\": \"non_identity@mwb-nebula-7bde22be1cb528441ad14380f02a8411.cloudflareaccess.com\",\n \"location\": \"d25c4ec1-bb72-4d5a-8f4b-20cd131634d6\",\n \"policy\": \"\",\n \"policy_id\": 
\"ccb7fe0d52fb493dbfdc2cf4de0764ee\",\n \"protocol\": \"https\",\n \"query_name\": \"msnbc.com\",\n \"query_name_reversed\": \"com.msnbc\",\n \"resolver_decision\": \"blockedRule\",\n \"query_category_ids\": [7,122,164],\n \"query_size\": 38,\n \"query_type\": 28,\n \"src_port\": 0,\n \"dst_port\": 0\n },\n \"document_id\": \"bef4894f-d4e7-4cee-b52e-f15998c6ab49\",\n \"version\": 0,\n \"@timestamp\": \"2022-09-01T15:32:12.706971938Z\"\n },\n \"type\": \"DNS_BLOCKED\"\n },\n \"subscription_id\": \"f01dc32c-76a6-4629-8efa-5afe861f32b7\"\n}\n```\n\n### License events\n\n#### License Entitlement Added\n\n```json\n{\n \"event\": \"license_events\",\n \"id\": \"5db19165-9078-408d-be55-38b540fb8527\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_ENTITLEMENT_CHANGED\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"id\": \"1e659a56-5b03-493a-baf8-bb3ecd628c59\",\n \"details\": {\n \"id\": \"5944a421-9f33-4471-9382-72525fae1427\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBDNS-B,NCCA-B\",\n \"catalog_code\": \"\",\n \"combo_product\": \"NEBULA-DNS-COMBO\",\n \"licensed_seats\": 10,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"licensed_remediations\": 0,\n \"licensed_remediation_factor\": 0,\n \"remediation_count\": 0,\n \"created_at\": \"2022-11-17T14:01:07.426394557Z\",\n \"updated_at\": \"2022-11-17T14:01:07.426394557Z\",\n \"active\": true,\n \"machine_counts\": null,\n \"auto_renew\": \"no\",\n \"can_be_paid\": false,\n \"keystone_id\": 35093303\n },\n \"action\": \"added\",\n \"created_at\": \"2022-11-17T14:01:07.556054636Z\"\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n#### License Entitlement Updated\n\n```json\n{\n 
\"event\": \"license_events\",\n \"id\": \"599e8be4-ae4b-4066-b31c-ea223e900179\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_ENTITLEMENT_CHANGED\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"id\": \"a13fdaca-13a1-4e4e-88f8-ac66309ef11b\",\n \"details\": {\n \"old_entitlement\": {\n \"id\": \"5944a421-9f33-4471-9382-72525fae1427\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBDNS-B,NCCA-B\",\n \"catalog_code\": \"\",\n \"combo_product\": \"NEBULA-DNS-COMBO\",\n \"licensed_seats\": 10,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"licensed_remediations\": 0,\n \"licensed_remediation_factor\": 0,\n \"remediation_count\": 0,\n \"created_at\": \"2022-11-17T14:01:07.426395Z\",\n \"updated_at\": \"2022-11-17T14:01:07.426395Z\",\n \"active\": true,\n \"machine_counts\": null,\n \"auto_renew\": \"no\",\n \"can_be_paid\": false,\n \"keystone_id\": 35093303\n },\n \"new_entitlement\": {\n \"id\": \"5944a421-9f33-4471-9382-72525fae1427\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBDNS-B,NCCA-B\",\n \"catalog_code\": \"\",\n \"combo_product\": \"NEBULA-DNS-COMBO\",\n \"licensed_seats\": 20,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"licensed_remediations\": 0,\n \"licensed_remediation_factor\": 0,\n \"remediation_count\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"active\": true,\n \"machine_counts\": null,\n \"auto_renew\": \"no\",\n \"can_be_paid\": false,\n \"keystone_id\": 35093303\n }\n },\n \"action\": \"updated\",\n \"created_at\": 
\"2022-11-17T14:02:38.006653379Z\"\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n#### License Entitlement Removed\n\n```json\n{\n \"event\": \"license_events\",\n \"id\": \"29d6f063-fd95-4b6a-bcdb-1ecaaa15eb87\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_ENTITLEMENT_CHANGED\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"id\": \"038304ca-4fa8-4926-a3d6-fca29c6b1e71\",\n \"details\": {\n \"id\": \"5944a421-9f33-4471-9382-72525fae1427\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBDNS-B,NCCA-B\",\n \"catalog_code\": \"\",\n \"combo_product\": \"NEBULA-DNS-COMBO\",\n \"licensed_seats\": 20,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"licensed_remediations\": 0,\n \"licensed_remediation_factor\": 0,\n \"remediation_count\": 0,\n \"created_at\": \"2022-11-17T14:01:07.426395Z\",\n \"updated_at\": \"2022-11-17T14:02:37.95501Z\",\n \"active\": true,\n \"machine_counts\": null,\n \"auto_renew\": \"no\",\n \"can_be_paid\": false,\n \"keystone_id\": 35093303\n },\n \"action\": \"removed\",\n \"created_at\": \"2022-11-17T14:03:06.077892882Z\"\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n#### License Entitlement Usage changed\n\n```json\n{\n \"event\": \"license_events\",\n \"id\": \"a79b4fbb-90f2-408c-a3d5-e4b37cdaa9d1\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_ENTITLEMENT_USAGE_CHANGED\",\n \"created_at\": \"2022-11-17T15:57:59.921931957Z\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"details\": {\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": 
\"MBAE-B,MBAM-B,MBBR-B,MBCM-B,MBFT-B,MBRX-B,NCCA-B,NCEP-B,NCRM-B\",\n \"catalog_code\": \"BUS-CLOUD-EPP-01\",\n \"combo_product\": \"NEBULA-EP-COMBO\",\n \"licensed_seats\": 10,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"auto_renew\": \"no\",\n \"used_seats\": 5\n }\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n#### License Over deployment\n\n```json\n{\n \"event\": \"license_events\",\n \"id\": \"c39ce0df-ed3d-4f31-bea4-b2926b36f49a\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_OVER_DEPLOYMENT\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"details\": {\n \"message\": \"Over deployment\",\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBAE-B,MBAM-B,MBBR-B,MBCM-B,MBFT-B,MBRX-B,NCCA-B,NCEP-B,NCRM-B\",\n \"catalog_code\": \"BUS-CLOUD-EPP-01\",\n \"combo_product\": \"NEBULA-EP-COMBO\",\n \"licensed_seats\": 3,\n \"license_expires_at\": \"2023-11-17T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"auto_renew\": \"no\",\n \"used_seats\": 4\n },\n \"created_at\": \"2022-11-17T14:49:59.333193431Z\"\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n#### License Expiring\n\n```json\n{\n \"event\": \"license_events\",\n \"id\": \"533605a0-6cce-4b9a-8292-101f0b9583c2\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"LICENSE_EXPIRING\",\n \"account_id\": \"00017df6-13c5-4cac-8967-40f85b054e4e\",\n \"details\": {\n \"license_key\": \"CBFCK-XRRG2-67ZDJ-CGHUS\",\n \"licensed_product\": \"MBAE-B,MBAM-B,MBBR-B,MBCM-B,MBFT-B,MBRX-B,NCCA-B,NCEP-B,NCRM-B\",\n \"catalog_code\": \"BUS-CLOUD-EPP-01\",\n \"combo_product\": 
\"NEBULA-EP-COMBO\",\n \"licensed_seats\": 3,\n \"license_expires_at\": \"2022-11-30T23:59:59Z\",\n \"license_key_status\": \"active\",\n \"license_term_type\": \"subscription\",\n \"license_status\": \"active\",\n \"auto_renew\": \"no\",\n \"used_seats\": 4,\n \"message\": \"Expiring license\",\n \"days_left\": 14 // enum: [0, 1, 7, 14 ,30]\n },\n \"created_at\": \"2022-11-17T14:56:26.743834259Z\"\n },\n \"subscription_id\": \"1fa8e9ee-7a16-4197-987f-4362ddfbd5ac\"\n}\n```\n\n### Application Block events\n\n#### Application blocked\n\n```json\n{\n \"event\": \"appblock_events\",\n \"id\": \"b3e1f103-c490-445f-9136-d45450e1a961\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"payload\": {\n \"type\": \"APPBLOCK_BLOCKED\",\n \"document_id\": \"e8c540c7-fe43-511d-b6df-805656440afd\",\n \"severity\": \"INFO\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"machine_id\": \"f2750e61-a41c-47ed-8d12-fca857fe8453\",\n \"group_id\": \"f4b15520-3153-4956-be41-185c4a523cfc\",\n \"action\": \"blocked\",\n \"id\": \"e8c540c7-fe43-511d-b6df-805656440afd\",\n \"created_at\": \"2023-03-15T13:34:02.80344Z\",\n \"root_group_id\": \"f4b15520-3153-4956-be41-185c4a523cfc\",\n \"account_name\": \"Test-Account3\",\n \"parent_account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"group_name\": \"Default Group\",\n \"policy_id\": \"4ab40443-dea1-4c76-8713-ef5141307b98\",\n \"policy_name\": \"!!!!_!_!!!_!!_!_!NEW POLICY12345\",\n \"details\": {\n \"file_path\": \"C:\\\\burla2.exe\",\n \"matching_rule_ids\": [\n \"33741ecc-6775-4f13-b7d9-4f462a59fc2a\"\n ],\n \"app_block_rules\": [\n {\n \"id\": \"33741ecc-6775-4f13-b7d9-4f462a59fc2a\",\n \"account_id\": \"550a20b8-6d36-4222-afbc-54d100f2e894\",\n \"name\": \"Rule test 34\",\n \"rule\": {\n \"action\": \"block\",\n \"files\": [\n \"C:\\\\burla2.exe\"\n ]\n },\n \"type\": \"files\"\n }\n ],\n \"group_id\": \"f4b15520-3153-4956-be41-185c4a523cfc\",\n \"group_name\": \"Default Group\",\n \"policy_id\": 
\"4ab40443-dea1-4c76-8713-ef5141307b98\",\n \"policy_name\": \"!!!!_!_!!!_!!_!_!NEW POLICY12345\",\n \"last_user\": \"ben-fake-endpoint\\\\Testuser\"\n }\n },\n \"subscription_id\": \"a22a2b59-4897-45de-b055-cfa1eabb9d1e\"\n}\n```\n\n\n### Endpoint status events\n\n#### Endpoint reboot required\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"a8f76811-fa21-48b3-8bba-6b6e800ecc6e\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_REBOOT_REQUIRED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:06:02.410951Z\",\n \"id\": \"3e52d13e-ac67-109b-b0a9-9443f785f5d1\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-3168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Endpoint reboot cleared\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"a8f76811-fa21-48b3-6bba-1b6e800ecc6e\",\n \"account_id\": \"f29c5663-10a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:06:02.410951Z\",\n \"id\": \"3e52d13e-ac67-409b-b0a9-9443f785f5d1\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-55c4-89fb-378d59031d12\"\n}\n```\n\n#### Endpoint remediation required\nThis event is emitted when at least one detection is detected while the endpoint had no detection before\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1a32-4840-8d5d-9d4ab0adac93\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_INFECTED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": 
\"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": \"d288002d-806e-4b2b-a0d4-f8f80ae801e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Endpoint remediated\nThis event is emitted when all the detections are remediated for an endpoint\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1232-4840-8d5d-9ddab0adac93\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_REMEDIATED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": \"d288040d-806e-4b2b-a0d4-f8f80ae801e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Endpoint isolated\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1a32-4840-8d5d-9ddab0adac95\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_ISOLATED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": \"d288000d-806e-4b2b-a0d4-f8f80ae831e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Endpoint un-isolated\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1a32-4840-8d5d-9ddab0adac93\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_UNISOLATED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": 
\"d288000d-806e-4b2b-a0d4-f8f80ae801e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Suspicious activity detected\nThis event is emitted when at least one suspicious activity is detected while the endpoint had no suspicious activities before\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1a32-4840-8d5d-9ddab0ad3c93\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": \"d288000d-806e-2b2b-a0d4-f8f80ae801e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n#### Suspicious activity cleared\nThis event is emitted when all the suspicious activities are cleared for an endpoint\n\n```json\n{\n \"event\": \"endpoint_events\",\n \"id\": \"f98f4ee7-1a32-4840-8d5d-9ddab0ad3c93\",\n \"account_id\": \"f29c5663-180a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"severity\": \"INFO\",\n \"type\": \"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-17T15:52:42.6652Z\",\n \"id\": \"d288200d-806e-2b2b-a0d4-f8f80ae801e8\",\n \"machine_name\": \"test_machine387\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n\n### Agent Events\n\n#### Endpoint needs attention\nThis event is emitted when the list of alerts from the endpoint is changed\n\n```json\n{\n \"event\": \"agent_events\",\n \"id\": \"3be75bf1-0926-41b5-9c6f-ad4a70123293\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"payload\": {\n \"type\": \"AGENT_ALERTS_CHANGED\",\n \"severity\": 
\"INFO\",\n \"account_id\": \"f29c5663-100a-4cd5-a5c3-b9a45e67ad21\",\n \"machine_id\": \"350eff78-1061-4357-b992-3121d22288ab\",\n \"created_at\": \"2023-01-18T10:59:40.3162Z\",\n \"id\": \"4ec6595c-e8c4-4a85-b1e1-2ceff1086c59\",\n \"details\": {\n \"added_codes\": [\"FULL_DISK_ACCESS_DISABLED\"],\n \"cleared_codes\": [],\n \"current_codes\": [\"FULL_DISK_ACCESS_DISABLED\"]\n },\n \"machine_name\": \"dummy-host.corp.mb-test.com\"\n },\n \"subscription_id\": \"289ffcf2-1168-45c4-89fb-378d59031d12\"\n}\n```\n" } ], "servers": [ { "url": "https://api.threatdown.com" } ], "paths": { "/oauth2/token": { "post": { "description": "Use this endpoint to retrieve an authentication token that allows you to send authenticated requests to all the API endpoints.\nFirst, you need to get a valid `client_id`, `client_secret` pair to retrieve an authentication token. See notes below for obtaining a credential pair**.\n\nOnce you have obtained the `access_token`, by adhering to the following specification, you must include it for all the requests to the public APIs along with the `Authorization` header:\n\n```\nAuthorization: Bearer \n```\n\n## Request\n\n### Headers\n\nAdd the following headers to your request.\n\n| Name | Description | Type | Required | Default |\n|------|-------------|-------|-----------|----------|\n| Authorization | base64 encoded credential pair* as basic authorization `Basic base64(:)`| string | yes | '' |\n| Content-Type | Set to 'application/x-www-form-urlencoded' | string | yes | '' |\n\n*You need to concatenate `client_id` and `client_secret` and encode in base64.\n\nRefer to the following Javascript example to get the correct header's value:\n\n**In the browser**:\n```\n`Basic ${window.btoa(`${clientId}:${clientSecret}`)}`\n```\n\n**NodeJS**:\n```\n`Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString('base64')}`\n```\n\n### Body\nSend the following body with the request.\n\n| Name | Description | Type | Required | Default 
|\n|------|-------------|-------|-----------|----------|\n| scope | The scope of the token. Can be `read write execute` or any subset of those space-separated scopes | string | yes | '' |\n| grant\\_type | The grant\\_type. Set it to `client_credentials` | string | yes | '' |\n\n\n**\\*\\*Note**: To obtain a client ID/client secret pair, open the Nebula\nconsole, go to Settings -> APIs & Integrations. On that\npage, click the \"Add\" button and submit the form. Use the resulting client\nID/client secret pair in your base64 string.\n\n## Response\n\nIf your request is processed successfully, our server will respond with a 200 status code and send a JSON body, which will include:\n\n| Name | Description | Type | Can be blank |\n|------|-------------|-------|-----------|\n| access_token | The access token. You need this token to access all other API endpoints | string | no |\n| expires_in | Expiry time in seconds of the access\\_token | number | no |\n| scope | The granted scope, space-separated. Can be `read write execute` or a subset of those | string | no |\n| token_type | The type of the token | string | no |\n\nYou can use the `access_token` to send requests to all the other HTTP endpoints.\n\n# Notes\n\nYou can send a raw HTTP request to retrieve the `access_token` following the specification above, but we strongly recommend using one of the existing `oauth2` libraries.\nLibraries will usually handle refreshing the `access_token`, and generally implement best practices for that authentication protocol. 
We provide two examples for reference:\n\n## Python example\n\nThe following Python example uses `requests_oauthlib` (built on `oauthlib`):\n```python\nfrom requests_oauthlib import OAuth2Session\nfrom oauthlib.oauth2 import BackendApplicationClient\n\nCLIENT_ID = \"\"\nCLIENT_SECRET = \"\"\nCLIENT_ACCOUNT = \"\"\n\ndef NEBULA_URL(path):\n    return \"{NEBULA_URL}{PATH}\".format(NEBULA_URL=\"https://api.threatdown.com\", PATH=path)\n\ndef get_nebula_client(client_id, client_secret, account_id):\n    client_scope = [\"read\", \"write\"]\n    # Every request must carry the Nebula account id in the accountid header\n    headers = {\"accountid\": account_id}\n\n    client = BackendApplicationClient(client_id, scope=client_scope)\n    nebula = OAuth2Session(client=client, scope=client_scope)\n    nebula.headers.update(headers)\n    # Client-credentials grant; the fetched token is stored on the session\n    # and sent as a Bearer token on subsequent requests\n    nebula.fetch_token(\n        token_url=NEBULA_URL('/oauth2/token'),\n        client_secret=client_secret, scope=\" \".join(client_scope))\n    return nebula\n\nresp = get_nebula_client(CLIENT_ID, CLIENT_SECRET, CLIENT_ACCOUNT).get(NEBULA_URL('/nebula/v1/account'))\n\nprint(resp.json())\n```\n\n## Javascript example\nThe following Javascript example uses the `simple-oauth2` module available on `npm`:\n\n```javascript\nconst oauth2Module = require('simple-oauth2')\n\nconst CLIENT_ACCOUNT = ''\nconst CLIENT_ID = ''\nconst CLIENT_SECRET = ''\nconst CLIENT_SCOPE = ['read'];\n\nconst URL = 'https://api.threatdown.com'\nconst TOKEN_PATH = '/oauth2/token'\nconst credentials = {\n  client: {\n    id: CLIENT_ID,\n    secret: CLIENT_SECRET\n  },\n  auth: {\n    tokenHost: URL,\n    tokenPath: TOKEN_PATH\n  }\n};\n\nconst tokenConfig = {\n  scope: CLIENT_SCOPE,\n};\n\nconst oauth2 = oauth2Module.create(credentials);\n\nasync function reqToken() {\n  // Client-credentials grant; accessToken.create() wraps the raw response,\n  // its .token property holds access_token, expires_in, scope and token_type\n  const result = await oauth2.clientCredentials.getToken(tokenConfig);\n  return oauth2.accessToken.create(result).token;\n}\n\nreqToken()\n  .then(({\n    access_token,\n    expires_in,\n    scope,\n    token_type\n  }) => console.log(\n    access_token,\n    expires_in,\n    scope,\n    token_type))\n  .catch(e => console.log(e))\n```\n", 
"summary": "Get an access token", "status": { "outage": [ "oauth2" ] }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "PostDetectionsSearchRes200", "properties": { "access_token": { "type": "string", "title": "Access token to be used to authenticate in API requests" }, "expires_in": { "type": "number", "title": "Time in seconds before the token expires" }, "scope": { "type": "string", "title": "The granted scope for this access token" }, "token_type": { "type": "string", "title": "The type of the token" }, "refresh_token": { "type": "string", "title": "With grant type authorization code refresh token gets also returned." }, "id_token": { "type": "string", "title": "With grant type authorization code id token gets also returned." } } } } } } }, "tags": [ "Authentication" ], "operationId": "api.oauth2.token" } }, "/nebula/v1/account": { "get": { "description": "Get details of the current account", "summary": "Get account details", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Your license key", "properties": { "license_key": { "type": "string", "title": "The license key associated with the account" }, "id": { "type": "string", "title": "The id of the account (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "The Name of the account" }, "options": { "type": "object", "title": "Optional field options. Information for MSP.", "properties": { "msp": { "type": "object", "title": "MSP", "properties": { "name": { "type": "string", "title": "Name" }, "redirect_url": { "type": "string", "title": "Redirect URL" } } } } }, "account_token": { "type": "string", "title": "the account token of this account for registering endpoints" }, "client_id": { "type": "string", "title": "The default client_id for this account, if any" }, "default_policy_id": { "type": "string", "title": "The policy ID associated with this account (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "default_group_id": { "type": "string", "title": "The group ID associated with this account (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "owner_id": { "type": "string", "format": "uuid", "title": "The nebula account owner user ID" }, "created_at": { "type": "string", "title": "When this account has been created (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "updated_at": { "type": "string", "title": "When the account has been updated the last time (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "product_license_info": { "type": "array", "title": "Product license information", "items": { "type": "object", "properties": { "licensed_product": { "type": "string", "title": "Licensed product", "description": "The licensed products", "default": "", "examples": [ "MBAE-B,MBAM-B,MBBR-B,MBFT-B,MBRX-B,NCCA-B,NCEP-B,NCRM-B" ] }, "combo_code": { "type": "string", "title": "Combo code", "examples": [ "NEBULA-EP-COMBO" ] }, "catalog_code": { "type": "string", "title": "Catalog code", "default": "", "examples": [ "BUS-CLOUD-EPP-01" ] }, "licensed_seats": { "type": "integer", "title": "The number of seats licensed", "default": 0, "examples": [ 5 ] }, "license_expires_at": { "type": "string", "title": "When the license expires", "default": "", "examples": [ "2021-03-18T00:00:00Z" ] }, "license_term_type": { "type": "string", "title": "The License_term_type Schema", "default": "", "examples": [ "utility" ] }, "licensed_ir_remediations": { "type": "integer", "title": "Licensed ir remediations", "default": 0, "examples": [ 0 ] }, "license_status": { "type": "string", "title": "License status", "default": "", "examples": [ "active" ] }, "ir_remediations_count": { "type": "integer", "title": "Ir remediations count", "default": 0, "examples": [ 0 ] }, "machine_counts": { "type": "array", "title": "Endpoints linked to products", "items": { "type": "object", "title": "Items", "properties": { "product_type": { "type": "string", "title": "Product type", "examples": [ "EDR", "EPP", "IR" ] }, "os_type": { "type": "string", "title": "OS type", "examples": [ "WORKSTATION", "SERVER" ] }, "os_platform": { "type": "string", "title": "Operation system platform", "examples": [ "Windows" ] }, "machine_count": { "type": "integer", "title": "Count of machines having this product" } } } 
} } } } } } } } } }, "tags": [ "Account" ], "operationId": "api.nebula.get.account" } }, "/nebula/v1/usage/histogram": { "post": { "description": "Search usage histogram", "summary": "Search usage histogram", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search logs", "description": "Search logs.", "examples": [ { "start_date": "2022-04-01", "end_date": "2022-04-30" } ], "required": [ "start_date", "end_date" ], "properties": { "start_date": { "type": "string", "title": "Start date", "description": "Start date.", "default": "", "examples": [ "2022-04-01" ] }, "end_date": { "type": "string", "title": "End date", "description": "End date.", "default": "", "examples": [ "2022-04-30" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get histogram summary", "description": "Get histogram summary.", "additionalProperties": true, "examples": [ { "2022-03": { "BUS-CLOUD-EPR-01": { "entitlement_id": "520b00cd-e00e-4f3d-b6c4-367e468c1791", "usage": 1 }, "BUS-MBVPM-01": { "entitlement_id": "cbc82111-00d4-412c-bf2f-cda422ce8796", "usage": 1 } }, "2022-04": { "BUS-CLOUD-EDR-SER-01": { "entitlement_id": "edec6e1d-f041-4237-8a58-ceb6ec728faa", "usage": 10 }, "BUS-CLOUD-EPR-01": { "entitlement_id": "57c5651a-7056-4dc4-a4ca-bf9b1f21bf50", "usage": 1 }, "BUS-MBVM-01": { "entitlement_id": "0af22979-d910-4112-8f80-e5998f2f48ed", "usage": 
43 }, "BUS-MBVPM-01": { "entitlement_id": "cbc82111-00d4-412c-bf2f-cda422ce8796", "usage": 1 } }, "2022-05": { "BUS-CLOUD-EDR-SER-01": { "entitlement_id": "edec6e1d-f041-4237-8a58-ceb6ec728faa", "usage": 9 }, "BUS-CLOUD-EPR-01": { "entitlement_id": "57c5651a-7056-4dc4-a4ca-bf9b1f21bf50", "usage": 1 }, "BUS-CLOUD-IRSL-01": { "entitlement_id": "8cc10d67-5476-456e-bce0-1cf58163d69d", "usage": 12 }, "BUS-MBVM-01": { "entitlement_id": "0af22979-d910-4112-8f80-e5998f2f48ed", "usage": 43 }, "BUS-MBVPM-01": { "entitlement_id": "cbc82111-00d4-412c-bf2f-cda422ce8796", "usage": 1 } } } ], "properties": { "BUS-CLOUD-IR-01": { "type": "object", "title": "Entitlement usage", "properties": { "entitlement_id": { "type": "string", "title": "Identifier of the entitlement" }, "usage": { "type": "number", "title": "Number of seats used" } } }, "BUS-CLOUD-EPP-01": { "type": "object", "title": "Entitlement usage", "properties": { "entitlement_id": { "type": "string", "title": "Identifier of the entitlement" }, "usage": { "type": "number", "title": "Number of seats used" } } }, "BUS-CLOUD-EPR-01": { "type": "object", "title": "Entitlement usage", "properties": { "entitlement_id": { "type": "string", "title": "Identifier of the entitlement" }, "usage": { "type": "number", "title": "Number of seats used" } } }, "BUS-CLOUD-EPP-SER-01": { "type": "object", "title": "Entitlement usage", "properties": { "entitlement_id": { "type": "string", "title": "Identifier of the entitlement" }, "usage": { "type": "number", "title": "Number of seats used" } } }, "BUS-CLOUD-EDR-SER-01": { "type": "object", "title": "Entitlement usage", "properties": { "entitlement_id": { "type": "string", "title": "Identifier of the entitlement" }, "usage": { "type": "number", "title": "Number of seats used" } } } } } } } } }, "tags": [ "Usage" ], "operationId": "api.nebula.search.usage.histogram" } }, "/nebula/v1/usage/logs/summary": { "post": { "description": "Search summary of usage", "summary": "Search summary of 
usage", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "examples": [ { "start_date": "2022-04-01", "end_date": "2022-04-30" } ], "required": [ "start_date", "end_date" ], "properties": { "start_date": { "type": "string", "title": "Start date", "description": "Start date.", "default": "", "examples": [ "2022-04-01" ] }, "end_date": { "type": "string", "title": "End date", "description": "End date.", "default": "", "examples": [ "2022-04-30" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get usage summary", "description": "Get usage summary.", "additionalProperties": true, "examples": [ { "2dc6485d-f80e-4f59-bd81-b2436853452a": { "BUS-CLOUD-IR-01": { "catalog_code": "BUS-CLOUD-EPR-01", "billable_catalog_code": "BUS-CLOUD-EPR-01", "combo_code": "NEBULA-EPR-COMBO", "billable_combo_code": "NEBULA-EPR-COMBO", "entitlement_id": "de21d245-ccfe-4361-89e8-95108613f9dd", "billable_entitlement_id": "de21d245-ccfe-4361-89e8-95108613f9dd", "license_term_type": "usage_billing", "billable_term_type": "usage_billing", "licensed_seats": 10, "usage": 1 } } } ], "properties": {} } } } } }, "tags": [ "Usage" ], "operationId": "api.nebula.search.usage.summary" } }, "/nebula/v1/usage/logs": { "post": { "description": "Search logs of usage", "summary": 
"Search logs of usage", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search logs", "description": "Search logs.", "examples": [ { "start_date": "2022-04-01", "end_date": "2022-04-30", "page_size": 50, "next_cursor": 0 } ], "required": [ "start_date", "end_date" ], "properties": { "start_date": { "type": "string", "title": "Start date", "description": "Start date.", "default": "", "examples": [ "2022-04-01" ] }, "end_date": { "type": "string", "title": "End date", "description": "End date.", "default": "", "examples": [ "2022-04-30" ] }, "page_size": { "type": "integer", "title": "The page_size schema", "default": 0, "examples": [ 50 ] }, "next_cursor": { "type": "integer", "title": "The next_cursor schema" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get logs", "description": "The root schema comprises the entire JSON document.", "additionalProperties": true, "examples": [ { "results": [ { "id": 6080220, "machine_id": "48ec2d74-ae08-44d6-9154-c05569466f64", "entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "billable_entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "license_term_type": "usage_billing", "billable_term_type": "usage_billing", "policy_id": "4ce76b02-5f43-4170-a204-80685c408e06", "group_id": "4744fb43-a481-4dc5-a335-655268957655", "created_at": "2022-04-06T17:48:30Z", "account_id": 
"e59ce7be-6172-4b3a-b1da-6eede7d110b3", "parent_account_id": "e59ce7be-6172-4b3a-b1da-6eede7d110b3", "os_type": 1, "os_platform": 2, "catalog_code": "BUS-CLOUD-IRSL-01", "billable_catalog_code": "BUS-CLOUD-IRSL-01", "product_code": "NCEPR-B", "combo_code": "NEBULA-IRSL-COMBO", "billable_combo_code": "NEBULA-IRSL-COMBO", "endpoint_name": "Mac 2", "policy_name": "Default Policy", "site_name": "JCP-DEV" } ] } ], "required": [ "results" ], "properties": { "results": { "type": "array", "title": "The results schema", "examples": [ [ { "id": 6080220, "machine_id": "48ec2d74-ae08-44d6-9154-c05569466f64", "entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "billable_entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "license_term_type": "usage_billing", "billable_term_type": "usage_billing", "policy_id": "4ce76b02-5f43-4170-a204-80685c408e06", "group_id": "4744fb43-a481-4dc5-a335-655268957655", "created_at": "2022-04-06T17:48:30Z", "account_id": "e59ce7be-6172-4b3a-b1da-6eede7d110b3", "parent_account_id": "e59ce7be-6172-4b3a-b1da-6eede7d110b3", "os_type": 1, "os_platform": 2, "catalog_code": "BUS-CLOUD-IRSL-01", "billable_catalog_code": "BUS-CLOUD-IRSL-01", "product_code": "NCEPR-B", "combo_code": "NEBULA-IRSL-COMBO", "billable_combo_code": "NEBULA-IRSL-COMBO", "endpoint_name": "Mac 2", "policy_name": "Default Policy", "site_name": "JCP-DEV" } ] ], "items": { "type": "object", "title": "Usage log", "description": "Usage log.", "examples": [ { "id": 6080220, "machine_id": "48ec2d74-ae08-44d6-9154-c05569466f64", "entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "billable_entitlement_id": "216b796d-e7f4-46b8-80c6-f1bbb232fa35", "license_term_type": "usage_billing", "billable_term_type": "usage_billing", "policy_id": "4ce76b02-5f43-4170-a204-80685c408e06", "group_id": "4744fb43-a481-4dc5-a335-655268957655", "created_at": "2022-04-06T17:48:30Z", "account_id": "e59ce7be-6172-4b3a-b1da-6eede7d110b3", "parent_account_id": "e59ce7be-6172-4b3a-b1da-6eede7d110b3", 
"os_type": 1, "os_platform": 2, "catalog_code": "BUS-CLOUD-IRSL-01", "billable_catalog_code": "BUS-CLOUD-IRSL-01", "product_code": "NCEPR-B", "combo_code": "NEBULA-IRSL-COMBO", "billable_combo_code": "NEBULA-IRSL-COMBO", "endpoint_name": "Mac 2", "policy_name": "Default Policy", "site_name": "JCP-DEV" } ], "required": [ "id", "machine_id", "entitlement_id", "billable_entitlement_id", "license_term_type", "billable_term_type", "policy_id", "group_id", "created_at", "account_id", "parent_account_id", "os_type", "os_platform", "catalog_code", "billable_catalog_code", "product_code", "combo_code", "billable_combo_code", "endpoint_name", "policy_name", "site_name" ], "properties": { "id": { "type": "integer", "title": "id", "description": "id.", "examples": [ 6080220 ] }, "machine_id": { "type": "string", "title": "Machine id", "description": "Machine id.", "default": "", "examples": [ "48ec2d74-ae08-44d6-9154-c05569466f64" ] }, "entitlement_id": { "type": "string", "title": "Entitlement id", "description": "Entitlement id.", "examples": [ "216b796d-e7f4-46b8-80c6-f1bbb232fa35" ] }, "billable_entitlement_id": { "type": "string", "title": "Billable Entitlement id", "description": "Billable Entitlement id.", "examples": [ "216b796d-e7f4-46b8-80c6-f1bbb232fa35" ] }, "license_term_type": { "type": "string", "title": "License term type", "description": "License term type.", "examples": [ "usage_billing" ] }, "billable_term_type": { "type": "string", "title": "Billable Term type", "description": "Billable Term type.", "examples": [ "usage_billing" ] }, "policy_id": { "type": "string", "title": "Policy id", "description": "Policy id.", "examples": [ "4ce76b02-5f43-4170-a204-80685c408e06" ] }, "group_id": { "type": "string", "title": "Group id", "description": "Group id.", "examples": [ "4744fb43-a481-4dc5-a335-655268957655" ] }, "created_at": { "type": "string", "title": "Created at", "description": "Created at.", "default": "", "examples": [ "2022-04-06T17:48:30Z" ] }, 
"account_id": { "type": "string", "title": "Site id", "description": "Site id.", "examples": [ "e59ce7be-6172-4b3a-b1da-6eede7d110b3" ] }, "parent_account_id": { "type": "string", "title": "MSP id", "description": "MSP id.", "examples": [ "e59ce7be-6172-4b3a-b1da-6eede7d110b3" ] }, "os_type": { "type": "integer", "title": "OS type", "description": "OS type.", "default": 0, "examples": [ 1 ] }, "os_platform": { "type": "integer", "title": "OS Platform", "description": "OS Platform.", "default": 0, "examples": [ 2 ] }, "catalog_code": { "type": "string", "title": "Catalog code", "description": "Catalog code.", "examples": [ "BUS-CLOUD-IRSL-01" ] }, "billable_catalog_code": { "type": "string", "title": "Billable Catalog code", "description": "Billable Catalog code.", "examples": [ "BUS-CLOUD-IRSL-01" ] }, "product_code": { "type": "string", "title": "Product code", "description": "Product code.", "examples": [ "NCEPR-B" ] }, "combo_code": { "type": "string", "title": "Combo code", "description": "Combo code.", "examples": [ "NEBULA-IRSL-COMBO" ] }, "billable_combo_code": { "type": "string", "title": "Billable Combo code", "description": "Billable Combo code.", "examples": [ "NEBULA-IRSL-COMBO" ] }, "endpoint_name": { "type": "string", "title": "Endpoint name", "description": "Endpoint name.", "examples": [ "Mac 2" ] }, "policy_name": { "type": "string", "title": "Policy Name", "description": "Policy Name", "examples": [ "Default Policy" ] }, "site_name": { "type": "string", "title": "Site name", "description": "Site name.", "examples": [ "JCP-DEV" ] } } } } } } } } } }, "tags": [ "Usage" ], "operationId": "api.nebula.search.usagelogs" } }, "/nebula/v1/detections/export": { "post": { "description": "Export detections.", "summary": "Export detections", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization 
token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", 
"agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "rid_details.rule_id", "rid_details.ip", "rid_details.attack_user", "rid_details.protocol", "rid_details.port", "rid_details.attempts", "rid_details.duration", "rid_details.create_time", "rid_details.expire_time", "sha256", "md5", "affected_application", "scan_result.device.disk_model", "action_taken" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [ "account_ids" ], "title": "List of queries to fetch endpoints", "additionalProperties": true, "properties": { "account_ids": { "type": "array", "title": "List of account IDs for this query", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Detections" ], "operationId": "api.v2.nebula.post.export.detections" } }, "/nebula/v1/detections/export/async": { "post": { "description": "Export detections asynchronously.", "summary": "Export detections asynchronously", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "rid_details.rule_id", "rid_details.ip", 
"rid_details.attack_user", "rid_details.protocol", "rid_details.port", "rid_details.attempts", "rid_details.duration", "rid_details.create_time", "rid_details.expire_time", "sha256", "md5", "affected_application", "scan_result.device.disk_model", "action_taken" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [ "account_ids" ], "title": "List of queries to fetch endpoints", "additionalProperties": true, "properties": { "account_ids": { "type": "array", "title": "List of account IDs for this query", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Detections" ], "operationId": "api.v2.nebula.post.export.detections.async" } }, "/nebula/v1/detections/{id}": { "get": { "description": "Get detection and its full information by ID.", "summary": "Get detection by ID", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get detection by id", "additionalProperties": true, "required": [ "id", "scan_id", "machine_id", "detection_id", "scanned_at", "scanned_at_local", "reported_at", "status", "type", "path", "category", "ip_address", "url", "port", "affected_application", "md5", "process_name" ], "properties": { "id": { "type": "string", "title": "ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "Scan ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "Endpoint ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "Machine name" }, "group_id": { "type": "string", "title": "Group ID the endpoint has", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "group_name": { "type": "string", "title": "Group name the endpoint has" }, "policy_id": { "type": "string", "title": "The ID of the policy associated to the machine where this detection happened (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "policy_name": { "type": "string", "title": "Policy name" }, "detection_id": { "type": "string", "title": "Detection id from endpoint" }, "scanned_at": { "type": "string", "title": "Scanned at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_local": { "type": "string", "title": "Scanned at local time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at": { "type": "string", "title": "Detection reported at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "status": { "type": "string", "title": "Status" }, "action_taken": { "type": "string", "title": "Action Taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "threat_name": { "type": "string", "title": "Threat name" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Items" } }, "path": { "type": "string", "title": "Path" }, "category": { "type": "string", "title": "Category" }, "ip_address": { "type": "string", "title": "IP address" }, "url": { "type": "string", "title": "Url" }, "port": { "type": "string", "title": "Port" }, "affected_application": { "type": "string", "title": "Affected application" }, "md5": { "type": "string", "title": "Md5" 
}, "process_name": { "type": "string", "title": "Process name" } } } } } } }, "tags": [ "Detections" ], "operationId": "api.v2.nebula.get.detections.id" } }, "/nebula/v1/detections": { "post": { "description": "Search detections.", "summary": "Search detections", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search detections request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "scan_type": { "type": "string", "title": "Type of the scan" }, "schedule_id": { "type": "string", "title": "ID of the schedule" }, "schedule_etag": { "type": "string", "title": "ETAG of the schedule" }, "job_id": { "type": "string", "title": "ID of the job originating this detection" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). 
This 'contains' type search will look for the exact match anywhere in the field." }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.endpoint_detection_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" 
}, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." 
}, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine version. This 'contains' type search will look for the exact match anywhere in the field." }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "machine_name.keyword": { "type": "string", "title": "The name of the machine. This 'contains' type search will look for the exact match anywhere in the field." }, "machine_name": { "type": "string", "title": "The name of the machine" }, "process_name.keyword": { "type": "string", "title": "The name of the process that originated this detection. This 'contains' type search will look for the exact match anywhere in the field." }, "process_name": { "type": "string", "title": "The name of the process that originated this detection" }, "affected_application.keyword": { "type": "string", "title": "The application affected by this detection. This 'contains' type search will look for the exact match anywhere in the field." 
}, "affected_application": { "type": "string", "title": "The application affected by this detection" }, "category": { "type": "string", "title": "The category of this detection" }, "not.category": { "type": "string", "title": "The category to exclude from search" }, "md5": { "type": "string", "title": "The md5 hash of this detection" }, "sha256": { "type": "string", "title": "The sha256 hash of this detection" }, "path.keyword": { "type": "string", "title": "The path where this detection happened. This 'contains' type search will look for the exact match anywhere in the field." }, "path": { "type": "string", "title": "The path where this detection happened" }, "type": { "type": "string", "title": "The type of the detection" }, "not.type": { "type": "string", "title": "The type to exclude from search" }, "threat_name.keyword": { "type": "string", "title": "The name of the threat. This 'contains' type search will look for the exact match anywhere in the field." }, "threat_name": { "type": "string", "title": "The name of the threat" }, "status": { "type": "string", "title": "The status of the detection" }, "action_taken": { "type": "string", "title": "The action taken of the detection", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "correlation_hash": { "type": "string", "title": "The hash" }, "group_id": { "type": "string", "title": "The ID of the group to which the endpoint is assigned (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The ID of the endpoint (machine) where this detection originated (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "parent_detection_id": { "type": "string", "title": "The ID of the parent detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "The ID of the scan (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "trace_id": { "type": "string", "title": "The ID of the parent trace (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "start_date": { "type": "string", "title": "Get results after this date. Defaults to 1 week if not specified. (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_after": { "type": "string", "title": "Get results generated by a scan happening after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_before": { "type": "string", "title": "Get results generated by a scan happening before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_after": { "type": "string", "title": "Get results reported after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_before": { "type": "string", "title": "Get results reported before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_after": { "type": "string", "title": "Get results cleaned after this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_before": { "type": "string", "title": "Get results cleaned before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "is_root_detection": { "type": "boolean", "title": "Whether this detection is the root detection" }, "is_rtp_stream_event": { "type": "boolean", "title": "Whether this is a Real-Time Protection event" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid" }, "scan_result.device.disk_model": { "type": "string", "title": "Disk model of device control detection (exact search)" }, "not.scan_result.device.disk_model": { "type": "string", "title": "Disk model of device control detection. Search for the matches that are not equal to the value" }, "scan_result.device.disk_model.keyword": { "type": "string", "title": "Disk model of device control detection (contains search)" }, "not.scan_result.device.disk_model.keyword": { "type": "string", "title": "Disk model of device control detection. 
Search for the matches that do not contain the value" }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "scan_result.device.disk_model" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", 
"plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populate with the group data" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (agent, machine_location)" }, "scan_result": { "type": "boolean", "title": "Populate with the scan_result data" } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "aggregate_by_account": { "type": "boolean" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search detections result", "properties": { "detections": { "type": "array", "title": "Detections", "items": { "type": "object", "title": "Detection items", "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Type items" } }, "status": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "group_id": { "type": "string", "title": "Group ID" }, "group": { "type": "object", "title": "The Group Schema", "additionalProperties": true }, "is_root_detection": { "type": "boolean", "title": "Is root detection" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "detection_id": { "type": "string", "title": "Detection ID" }, "scanned_at": { "type": "string", "title": "Scanned at" }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Reported at" }, "threat_name": { "type": "string", "title": "Threat name" }, "category": { "type": "string", "title": "Category" }, "action_taken": { "type": "string", "title": "Action taken" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is rtp stream event" }, "process_name": { "type": "string", "title": "Process name" }, "cleaned_at": { "type": "string", "title": "Cleaned at" }, "machine_name": { "type": "string", "title": "Endpoint name" }, "trace_id": { "type": "string", "title": "Trace ID" }, "scan_id": { "type": "string", "title": "Scan ID" }, "affected_application": { "type": "string", "title": "Affected application" }, "last_user": { 
"type": "string", "title": "Last user" }, "md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "machine_ip": { "type": "string", "title": "Machine IP address" }, "child_trace_count": { "type": "integer", "title": "Child trace count" }, "agent": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at 
schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": 
"", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The 
endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name 
schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, { "title": "Agent information. 
Included if the request includes populate 'endpoint'" } ] }, "machine_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", 
"title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Machine location. Included if the request includes populate 'endpoint'" } ] }, "source_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": 
"number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Source location for RID category" } ] }, "destination_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], 
"properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Destination location for RID category" } ] }, "account": { "type": "object", "title": "Account data", "properties": { "parent": { "title": "Parent account ID", "type": "string" }, "name": { "title": "Account name", "type": "string" }, "deleted": { "title": "Account deleted", "type": "boolean" }, "options": { "type": "object", "properties": { "msp": { "type": "object", "properties": { "name": { "type": "string" } } } } } } }, "rid_details": { "type": "object", "title": "Remote intrusion detection details", "properties": { "rule_id": { "type": "string" }, "ip": { "type": "string" }, "attack_user": { "type": "string" }, "protocol": { "type": "string" }, "port": { "type": "integer" }, "attempts": { "type": "integer" }, "duration": { "type": "integer" }, "create_time": { "type": "string" }, "expire_time": { "type": "string" }, "deleted": { "type": "boolean" }, "document_id": { "type": "string" }, "version": { "type": "integer" } } }, "device_control": { "type": "object", "title": "Device control object schema", "properties": { "timestamp": { "type": "string", "description": "Timestamp of the detection" }, "physical_disk_name": { "type": "string", "description": "Physical disk name" }, "device_id": { "type": "string", "description": "Device ID" }, "disk_interface": { "type": "string", "description": "Disk interface" }, "manufacturer": { "type": "string", "description": "Manufacturer" 
}, "serial_number": { "type": "string", "description": "Serial number" }, "drive_compressed": { "type": "boolean", "description": "Boolean field to indicate if drive is compressed" }, "file_system": { "type": "string", "description": "File system" }, "volume_name": { "type": "string", "description": "Volume name" }, "volume_serial": { "type": "string", "description": "Volume serial number" }, "volume_device_path": { "type": "string", "description": "Volume device path" }, "block_status": { "type": "string", "description": "Block status" }, "drive_metadata": { "type": "object", "description": "Drive metadata", "additionalProperties": true }, "pnp_device_id": { "type": "string", "description": "PNP device ID" }, "scanned_at": { "type": "string", "description": "Scanned at" } } }, "scan_result": { "title": "Scan Result. Included if the request includes populate 'scan_result'", "type": "object", "properties": { "scan_id": { "type": "string" }, "account_id": { "type": "string" }, "machine_id": { "type": "string" }, "reported_at": { "type": "string" }, "scan_type": { "type": "string" }, "started_at": { "type": "string" }, "started_at_offset_seconds": { "type": "integer" }, "duration": { "allOf": [ { "bignumber": true }, { "type": "number" } ] }, "found_count": { "type": "integer" }, "quarantined_count": { "type": "integer" }, "deleted_count": { "type": "integer" }, "device": { "type": "object", "title": "Device control object schema", "properties": { "timestamp": { "type": "string", "description": "Timestamp of the detection" }, "physical_disk_name": { "type": "string", "description": "Physical disk name" }, "device_id": { "type": "string", "description": "Device ID" }, "disk_interface": { "type": "string", "description": "Disk interface" }, "manufacturer": { "type": "string", "description": "Manufacturer" }, "serial_number": { "type": "string", "description": "Serial number" }, "drive_compressed": { "type": "boolean", "description": "Boolean field to indicate if drive is 
compressed" }, "file_system": { "type": "string", "description": "File system" }, "volume_name": { "type": "string", "description": "Volume name" }, "volume_serial": { "type": "string", "description": "Volume serial number" }, "volume_device_path": { "type": "string", "description": "Volume device path" }, "block_status": { "type": "string", "description": "Block status" }, "drive_metadata": { "type": "object", "description": "Drive metadata", "additionalProperties": true }, "pnp_device_id": { "type": "string", "description": "PNP device ID" }, "scanned_at": { "type": "string", "description": "Scanned at" } } }, "metadata": { "properties": { "application_version": { "type": "string" }, "components_update_package_version": { "type": "string" }, "cpu": { "type": "string" }, "db_sdk_update_package_version": { "type": "string" }, "detection_date_time": { "type": "string" }, "file_system": { "type": "string" }, "files_detected": { "type": "integer" }, "folders_detected": { "type": "integer" }, "id": { "type": "string" }, "license_state": { "type": "string" }, "logged_on_user_name": { "type": "string" }, "modules_detected": { "type": "integer" }, "os": { "type": "string" }, "processes_detected": { "type": "integer" }, "registry_data_detected": { "type": "integer" }, "registry_keys_detected": { "type": "integer" }, "registry_values_detected": { "type": "integer" }, "schema_version": { "type": "integer" }, "source_details": { "properties": { "objects_scanned": { "type": "integer" }, "scan_duration_secs": { "type": "integer" }, "scan_options": { "properties": { "pum_handling": { "type": "string" }, "pup_handling": { "type": "string" }, "scan_archives": { "type": "boolean" }, "scan_file_system": { "type": "boolean" }, "scan_memory_objects": { "type": "boolean" }, "scan_pums": { "type": "boolean" }, "scan_pups": { "type": "boolean" }, "scan_rootkits": { "type": "boolean" }, "scan_startup_and_registry": { "type": "boolean" }, "scan_type": { "type": "string" }, "use_heuristics": 
{ "type": "boolean" } } }, "scan_result": { "type": "string" }, "type": { "type": "string" } } }, "user_admin": { "type": "boolean" } } }, "schedule_id": { "type": "string" }, "schedule_etag": { "type": "string" }, "job_id": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Detections" ], "operationId": "api.v2.nebula.search.detections" } }, "/nebula/v1/detections/search-groupby": { "post": { "description": "Search detections groupBy.", "summary": "Search detections groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Endpoints Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "additionalProperties": true, "allOf": [ { "type": "object", "title": "Search detections request. 
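Worked example for the detections search operation described by the request and response schemas above. This is an added illustration, not code from the ThreatDown spec or any ThreatDown SDK: it builds a request body that satisfies the schema's own constraints (the timestamp and UUID patterns, the 0..2000 page_size range, sort_order being required alongside sort_field), sends the `authorization` and `accountid` headers, follows `next_cursor` page by page and backs off on HTTP 429 as the Rate Limiting section recommends. Everything not stated on this page is an assumption and is marked as such in the code: the request path `/nebula/v1/detections/search` (inferred from the documented `search-groupby` sibling), the `Bearer` prefix on the token, exponential backoff (no Retry-After behaviour is documented), and the names `build_search_body`, `NebulaDetections`, `make_fake_transport` and `collect_detection_ids`, which are hypothetical. The sample pages are constructed data served by a stand-in transport so the example runs offline; replace `transport` with a real HTTP call to use it against the API.

```python
import re
import time
from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple

# Patterns copied verbatim from the request schema (timestamp filters and *_id fields).
TIMESTAMP_RE = re.compile(
    r"^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9])"
    r":([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([\+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))$")
UUID_RE = re.compile(r"[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$")
DATE_FIELDS = {"start_date", "end_date", "at_after", "at_before", "scanned_at_after", "scanned_at_before",
               "reported_at_after", "reported_at_before", "cleaned_at_after", "cleaned_at_before"}
UUID_FIELDS = {"group_id", "machine_id", "detection_id", "parent_detection_id", "scan_id", "trace_id"}
# (path, headers, json body) -> (HTTP status, decoded JSON); a real client wraps requests/urllib here.
Transport = Callable[[str, Dict[str, str], Dict[str, Any]], Tuple[int, Dict[str, Any]]]


def build_search_body(filters: Dict[str, Any], page_size: int = 500,
                      sort_field: Optional[str] = None, sort_order: Optional[str] = None) -> Dict[str, Any]:
    """Assemble a search body, rejecting client-side what the schema would reject server-side."""
    if not 0 <= page_size <= 2000:
        raise ValueError("page_size must be between 0 and 2000")
    if sort_field and sort_order not in ("asc", "desc"):
        raise ValueError("sort_order (asc|desc) is required when sort_field is set")
    for key, value in filters.items():
        if key in DATE_FIELDS and not TIMESTAMP_RE.match(value):
            raise ValueError(f"{key}: not an RFC 3339 timestamp: {value!r}")
        if key in UUID_FIELDS and not UUID_RE.match(value):
            raise ValueError(f"{key}: not a UUID: {value!r}")
    body: Dict[str, Any] = dict(filters, page_size=page_size)
    if sort_field:
        body.update(sort_field=sort_field, sort_order=sort_order)
    return body


class NebulaDetections:
    PATH = "/nebula/v1/detections/search"  # assumption: inferred from the documented search-groupby path

    def __init__(self, account_id: str, access_token: str, transport: Transport,
                 sleep: Callable[[float], None] = time.sleep, max_retries: int = 5) -> None:
        if not UUID_RE.match(account_id):
            raise ValueError("accountid header must be a UUID")
        # Assumption: the OAuth2 access token is sent as a Bearer token in the authorization header.
        self.headers = {"authorization": f"Bearer {access_token}", "accountid": account_id}
        self.transport, self.sleep, self.max_retries = transport, sleep, max_retries
        self.retries_used = 0

    def _post(self, body: Dict[str, Any]) -> Dict[str, Any]:
        """POST once; on 429 back off exponentially (leaky bucket) instead of retrying immediately."""
        delay = 1.0
        for attempt in range(self.max_retries + 1):
            status, payload = self.transport(self.PATH, self.headers, body)
            if status == 200:
                return payload
            if status != 429 or attempt == self.max_retries:
                raise RuntimeError(f"detections search failed with HTTP {status}")
            self.retries_used += 1
            self.sleep(delay)
            delay = min(delay * 2, 30.0)

    def iter_detections(self, body: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
        """Yield every hit, following next_cursor until the API stops returning one."""
        body, seen = dict(body), set()
        while True:
            payload = self._post(body)
            yield from payload.get("detections", [])
            cursor = payload.get("next_cursor")
            if not cursor:
                return
            if cursor in seen:  # a stuck cursor must not turn into an infinite loop against the quota
                raise RuntimeError("next_cursor repeated; aborting pagination")
            seen.add(cursor)
            body["next_cursor"] = cursor


# Constructed sample pages, not real detections; keyed by the cursor that requests them.
SAMPLE_PAGES: Dict[Optional[str], Dict[str, Any]] = {
    None: {"detections": [{"id": "d-1", "action_taken": "quarantined"}, {"id": "d-2", "action_taken": "quarantined"}],
           "next_cursor": "eyJzdGFydF9pbmRleCI6Mn0="},
    "eyJzdGFydF9pbmRleCI6Mn0=": {"detections": [{"id": "d-3", "action_taken": "blocked"}], "next_cursor": None},
}


def make_fake_transport(pages: Dict[Optional[str], Dict[str, Any]]) -> Transport:
    """Stand-in for the HTTP layer: answers 429 to the very first call, then serves pages by cursor."""
    state = {"limited_once": False}

    def transport(path: str, headers: Dict[str, str], body: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
        assert path == NebulaDetections.PATH and "accountid" in headers
        if not state["limited_once"]:
            state["limited_once"] = True
            return 429, {"message": "Too Many Requests"}
        page = pages[body.get("next_cursor")]
        return 200, {"detections": page["detections"], "total_count": 3, "next_cursor": page["next_cursor"]}
    return transport


def collect_detection_ids() -> Tuple[List[str], int]:
    """Run a filtered, sorted search end to end; returns (ids in page order, number of 429 retries)."""
    client = NebulaDetections("9256034b-7967-4253-a5d9-260663e4fa4f", "<access-token>",
                              make_fake_transport(SAMPLE_PAGES), sleep=lambda _: None)
    body = build_search_body({"start_date": "2020-03-23T17:23:17.860482Z", "is_root_detection": True},
                             page_size=2, sort_field="reported_at", sort_order="desc")
    return [hit["id"] for hit in client.iter_detections(body)], client.retries_used
```

Two design points worth keeping in a real client: validating timestamps and IDs before sending saves a round trip against a 360-requests-per-minute quota, and the repeated-cursor guard matters because an unchanged `next_cursor` would otherwise drain that quota in a tight loop.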
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "scan_type": { "type": "string", "title": "Type of the scan" }, "schedule_id": { "type": "string", "title": "ID of the schedule" }, "schedule_etag": { "type": "string", "title": "ETAG of the schedule" }, "job_id": { "type": "string", "title": "ID of the job originating this detection" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.endpoint_detection_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the 
search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine version. 
This 'contains' type search will look for the exact match anywhere in the field." }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "machine_name.keyword": { "type": "string", "title": "The name of the machine. This 'contains' type search will look for the exact match anywhere in the field." }, "machine_name": { "type": "string", "title": "The name of the machine" }, "process_name.keyword": { "type": "string", "title": "The name of the process that originated this detection. This 'contains' type search will look for the exact match anywhere in the field." }, "process_name": { "type": "string", "title": "The name of the process that originated this detection" }, "affected_application.keyword": { "type": "string", "title": "The application affected by this detection. This 'contains' type search will look for the exact match anywhere in the field." 
}, "affected_application": { "type": "string", "title": "The application affected by this detection" }, "category": { "type": "string", "title": "The category of this detection" }, "not.category": { "type": "string", "title": "The category to exclude from search" }, "md5": { "type": "string", "title": "The md5 hash of this detection" }, "sha256": { "type": "string", "title": "The sha256 hash of this detection" }, "path.keyword": { "type": "string", "title": "The path where this detection happened. This 'contains' type search will look for the exact match anywhere in the field." }, "path": { "type": "string", "title": "The path where this detection happened" }, "type": { "type": "string", "title": "The type of the detection" }, "not.type": { "type": "string", "title": "The type to exclude from search" }, "threat_name.keyword": { "type": "string", "title": "The name of the threat. This 'contains' type search will look for the exact match anywhere in the field." }, "threat_name": { "type": "string", "title": "The name of the threat" }, "status": { "type": "string", "title": "The status of the detection" }, "action_taken": { "type": "string", "title": "The action taken of the detection", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "correlation_hash": { "type": "string", "title": "The hash" }, "group_id": { "type": "string", "title": "The ID of the group to which the endpoint is assigned (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The ID of the endpoint (machine) where this detection originated (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "parent_detection_id": { "type": "string", "title": "The ID of the parent detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "The ID of the scan (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "trace_id": { "type": "string", "title": "The ID of the parent trace (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "start_date": { "type": "string", "title": "Get results after this date. Defaults to 1 week if not specified. (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_after": { "type": "string", "title": "Get results generated by a scan happening after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_before": { "type": "string", "title": "Get results generated by a scan happening before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_after": { "type": "string", "title": "Get results reported after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_before": { "type": "string", "title": "Get results reported before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_after": { "type": "string", "title": "Get results cleaned after this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_before": { "type": "string", "title": "Get results cleaned before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "is_root_detection": { "type": "boolean", "title": "Whether this detection is the root detection" }, "is_rtp_stream_event": { "type": "boolean", "title": "Whether this is a Real-Time Protection event" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "scan_result.device.disk_model": { "type": "string", "title": "Disk model of device control detection (exact search)" }, "not.scan_result.device.disk_model": { "type": "string", "title": "Disk model of device control detection (contains search)" }, "scan_result.device.disk_model.keyword": { "type": "string", "title": "Disk model of device control detection. Search for the matches that are not equal to the value" }, "not.scan_result.device.disk_model.keyword": { "type": "string", "title": "Disk model of device control detection. 
Search for the matches that do not contain the value" }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "scan_result.device.disk_model" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", 
"plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populate with the group data" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (agent, machine_location)" }, "scan_result": { "type": "boolean", "title": "Populate with the scan_result data" } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "aggregate_by_account": { "type": "boolean" } } } ], "properties": { "group_by": { "type": "string", "title": "The group by field Schema", "enum": [ "account_id", "group_id", "machine_id", "type", "status", "category", "affected_application.keyword", "threat_name.keyword", "process_name.keyword", "os_info.os_type", "os_info.os_platform", "object_guid", "scan_result.device.disk_model", "action_taken" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The Next_cursor Schema" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Endpoints Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": "string", "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "name": { "type": "string", "title": "The Total Schema" }, "tags": { "type": "object", "additionalProperties": true, "title": "The Total Schema" }, "account_name": { "type": "string", "title": "The Total Schema" } } } }, "next_cursor": { "type": "string", "title": "The Next_cursor Schema" } } } } } } }, "tags": [ "Detections" ], "operationId": "api.v2.nebula.search.detections.group" } }, "/nebula/v1/assets/software/export": { "post": { "description": "Export assets software data. You can export across multiple accounts. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. 
The constraints accepted are the same accepted by the search assets software route. Refer to [Search assets software API](#operation/api.nebula.search.assets.software) for more information about the constraints accepted. |\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n## Examples\n\n### Download HTML file\n\nA request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all detections on `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`:\n\n```json\n\t{\n\t\t\"groups\": [{\n\t\t\t\"vendor\": \"Mozilla\"\n\t\t}],\n\t\t\"format\": \"html\",\n\t\t\"type\": \"string\",\n\t\t\"filename\": \"nameofthefile\",\n\t\t\"download\": true,\n\t\t\"select\": [\n {\"field\": \"accountId\", \"newField\": \"account_id\"},\n {\"field\": \"groupId\", \"newField\": \"groupId\"},\n {\"field\": \"vendor\", \"newField\": \"vendor\"},\n {\"field\": \"product\", \"newField\": \"product\"},\n {\"field\": \"installationDate\", \"newField\": \"installationDate\"},\n {\"field\": \"createdAt\", \"newField\": \"createdAt\"}\n ]\n\t}\n```\n\n### Download xlsx file\n\nA request with this body sent by a browser will download a file called `report.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34` and the endpoint with id `211a4cfc-557e-4ba7-a96f-70685a07c29e`:\n\n```json\n\t{\n\t\t\"groups\": [{\n \t\"vendor\": \"Mozilla\"\n }],\n\t\t\"populate\": { \"account\": true, \"last_job\": true },\n\t\t\"format\": 
\"xlsx\",\n\t\t\"type\": \"base64\",\n\t\t\"filename\": \"report\",\n\t\t\"download\": true,\n\t\t\"select\": [\n {\"field\": \"accountId\", \"newField\": \"account_id\"},\n {\"field\": \"groupId\", \"newField\": \"groupId\"},\n {\"field\": \"vendor\", \"newField\": \"vendor\"},\n {\"field\": \"product\", \"newField\": \"product\"},\n {\"field\": \"installationDate\", \"newField\": \"installationDate\"},\n {\"field\": \"createdAt\", \"newField\": \"createdAt\"}\n ]\n\t}\n```\n\n\n", "summary": "Export assets software", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "group_name", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "account_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "update_available", "supports_update" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch endpoints", "allOf": [ { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. 
Search for the matches that are not equal to the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "not.group_id": { "type": "string", "title": "Filter the search by group_id. Search for the matches that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "not.root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "not.machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the matches that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "not.account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that don't contain the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for the matches that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "not.host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that don't contain the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for the matches that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. 
Search for the matches that contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that don't contain the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that contain the value" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "not.alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that don't contain the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for the matches that are not equal to the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that contain the value" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "not.vendor": { "type": "string", "title": "Filter the search by vendor. 
Search for the matches that don't contain the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for the matches that are not equal to the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that contain the value" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that don't contain the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that are not equal to the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that contain the value" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "not.display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that don't contain the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that are not equal to the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for the matches that contain the value" }, "product.keyword": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "not.product": { "type": "string", "title": "Filter the search by product. Search for the matches that don't contain the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by product. Search for the matches that are not equal to the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. 
Search for the matches that contain the value" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "not.normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that don't contain the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that are not equal to the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that contain the value" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "not.display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that don't contain the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for the matches that are not equal to the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that contain the value" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "not.installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that don't contain the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that are not equal to the value" }, "normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that contain the value" }, "normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. 
Search for an exact match" }, "not.normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that don't contain the value" }, "not.normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that are not equal to the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that contain the value" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that don't contain the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that don't contain the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. 
Search for the matches that don't contain the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that don't contain the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that are not equal to the value" }, "os_info.os_platforms": { "type": "array", "title": "Filter the search by multiple os_info.os_platform. Search for exact matches", "items": { "type": "string" } }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that don't contain the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. 
Search for an exact match" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that don't contain the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that are not equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed before the specified date" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed after the specified date" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been created before the specified date" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been created after the specified date" }, "name_multi_search": { "type": "string", "title": "Aliases for this machine" }, "group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for an exact match" }, "not.group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that don't contain the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for the matches that are not equal to the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that contain the value" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "not.object_guid": { "type": "string", "title": "Filter the search by object_guid. 
Search for the matches that don't contain the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that are not equal to the value" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "latest_version_available.keyword": { "type": "string", "title": "Filter the search by latest_version_available.keyword. Search for the matches that contain the value" }, "not.latest_version_available": { "type": "string", "title": "Filter the search by not.latest_version_available. Search for the matches that are not equal to the value" }, "not.latest_version_available.keyword": { "type": "string", "title": "Filter the search by not.latest_version_available.keyword. Search for the matches that don't contain the value" }, "cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves. Search for an exact match" }, "cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves.keyword. Search for the matches that contain the value" }, "not.cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves. Search for the matches that are not equal to the value" }, "not.cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves.keyword. Search for the matches that don't contain the value" }, "cves_by_status.unknown": { "type": "string", "title": "Filter the search by cves_by_status.unknown. Search for an exact match" }, "cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by cves_by_status.unknown.keyword. Search for the matches that contain the value" }, "not.cves_by_status.unknown": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown. 
Search for the matches that are not equal to the value" }, "not.cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown.keyword. Search for the matches that don't contain the value" }, "cves_by_status.low": { "type": "string", "title": "Filter the search by cves_by_status.low. Search for an exact match" }, "cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by cves_by_status.low.keyword. Search for the matches that contain the value" }, "not.cves_by_status.low": { "type": "string", "title": "Filter the search by not.cves_by_status.low. Search for the matches that are not equal to the value" }, "not.cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.low.keyword. Search for the matches that don't contain the value" }, "cves_by_status.medium": { "type": "string", "title": "Filter the search by cves_by_status.medium. Search for an exact match" }, "cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by cves_by_status.medium.keyword. Search for the matches that contain the value" }, "not.cves_by_status.medium": { "type": "string", "title": "Filter the search by not.cves_by_status.medium. Search for the matches that are not equal to the value" }, "not.cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.medium.keyword. Search for the matches that don't contain the value" }, "cves_by_status.high": { "type": "string", "title": "Filter the search by cves_by_status.high. Search for an exact match" }, "cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by cves_by_status.high.keyword. Search for the matches that contain the value" }, "not.cves_by_status.high": { "type": "string", "title": "Filter the search by not.cves_by_status.high. 
Search for the matches that are not equal to the value" }, "not.cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.high.keyword. Search for the matches that don't contain the value" }, "cves_by_status.critical": { "type": "string", "title": "Filter the search by cves_by_status.critical. Search for an exact match" }, "cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by cves_by_status.critical.keyword. Search for the matches that contain the value" }, "not.cves_by_status.critical": { "type": "string", "title": "Filter the search by not.cves_by_status.critical. Search for the matches that are not equal to the value" }, "not.cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.critical.keyword. Search for the matches that don't contain the value" }, "cves_score": { "type": "string", "title": "Filter the search by cves_score. Search for an exact match" }, "cves_count": { "type": "string", "title": "Filter the search by cves_count. Search for an exact match" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "cves_count_by_status.unknown": { "type": "string", "title": "Filter the search by cves_count_by_status.unknown. Search for an exact match" }, "cves_count_by_status.low": { "type": "string", "title": "Filter the search by cves_count_by_status.low. Search for an exact match" }, "cves_count_by_status.medium": { "type": "string", "title": "Filter the search by cves_count_by_status.medium. Search for an exact match" }, "cves_count_by_status.high": { "type": "string", "title": "Filter the search by cves_count_by_status.high. Search for an exact match" }, "cves_count_by_status.critical": { "type": "string", "title": "Filter the search by cves_count_by_status.critical. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by language. 
Search for an exact match" }, "language.keyword": { "type": "string", "title": "Filter the search by language.keyword. Search for the matches that contain the value" }, "not.language": { "type": "string", "title": "Filter the search by not.language. Search for the matches that are not equal to the value" }, "not.language.keyword": { "type": "string", "title": "Filter the search by not.language.keyword. Search for the matches that don't contain the value" }, "architecture": { "type": "string", "title": "Filter the search by architecture. Search for an exact match" }, "architecture.keyword": { "type": "string", "title": "Filter the search by architecture.keyword. Search for the matches that contain the value" }, "not.architecture": { "type": "string", "title": "Filter the search by not.architecture. Search for the matches that are not equal to the value" }, "not.architecture.keyword": { "type": "string", "title": "Filter the search by not.architecture.keyword. Search for the matches that don't contain the value" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. Search for an exact match" }, "not.supports_update": { "type": "boolean", "title": "Filter the search by not.supports_update. Search for the matches that are not equal to the value" }, "update_available": { "type": "boolean", "title": "Filter the search by update_available. 
Search for an exact match" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "not.exists": { "type": "array", "title": "Filter out the results for records that don't have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", 
"cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "domain_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "supports_update", "update_available", "language", "architecture" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Assets" ], "operationId": "api.nebula.post.export.assets.software" } }, "/nebula/v1/assets/software/export/async": { "post": { "description": "Export assets software asynchronously.", "summary": "Export assets software asynchronously", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "group_name", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "account_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", 
"product_signature", "update_available", "supports_update" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch endpoints", "allOf": [ { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for the matches that are not equal to the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "not.group_id": { "type": "string", "title": "Filter the search by group_id. Search for the matches that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "not.root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "not.machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the matches that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "not.account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that don't contain the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by account_name. 
Search for the matches that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "not.host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that don't contain the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for the matches that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that don't contain the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that contain the value" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias. 
Search for an exact match" }, "not.alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that don't contain the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for the matches that are not equal to the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that contain the value" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "not.vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that don't contain the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for the matches that are not equal to the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that contain the value" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that don't contain the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that are not equal to the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that contain the value" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "not.display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that don't contain the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. 
Search for the matches that are not equal to the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for the matches that contain the value" }, "product.keyword": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "not.product": { "type": "string", "title": "Filter the search by product. Search for the matches that don't contain the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by product. Search for the matches that are not equal to the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that contain the value" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "not.normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that don't contain the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that are not equal to the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that contain the value" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "not.display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that don't contain the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for the matches that are not equal to the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that contain the value" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. 
Search for an exact match" }, "not.installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that don't contain the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that are not equal to the value" }, "normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that contain the value" }, "normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "not.normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that don't contain the value" }, "not.normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that are not equal to the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that contain the value" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that don't contain the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. 
Search for an exact match" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that don't contain the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that don't contain the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that don't contain the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that are not equal to the value" }, "os_info.os_platforms": { "type": "array", "title": "Filter the search by multiple os_info.os_platform. Search for exact matches", "items": { "type": "string" } }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. 
Search for an exact match" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that don't contain the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that don't contain the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that are not equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed before the specified date" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed after the specified date" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been created before the specified date" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been created after the specified date" }, "name_multi_search": { "type": "string", "title": "Aliases for this machine" }, "group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group name. 
Search for an exact match" }, "not.group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that don't contain the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for the matches that are not equal to the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that contain the value" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "not.object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that don't contain the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that are not equal to the value" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "latest_version_available.keyword": { "type": "string", "title": "Filter the search by latest_version_available.keyword. Search for the matches that contain the value" }, "not.latest_version_available": { "type": "string", "title": "Filter the search by not.latest_version_available. Search for the matches that are not equal to the value" }, "not.latest_version_available.keyword": { "type": "string", "title": "Filter the search by not.latest_version_available.keyword. Search for the matches that don't contain the value" }, "cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves. Search for an exact match" }, "cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves.keyword. Search for the matches that contain the value" }, "not.cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves. 
Search for the matches that are not equal to the value" }, "not.cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves.keyword. Search for the matches that don't contain the value" }, "cves_by_status.unknown": { "type": "string", "title": "Filter the search by cves_by_status.unknown. Search for an exact match" }, "cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by cves_by_status.unknown.keyword. Search for the matches that contain the value" }, "not.cves_by_status.unknown": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown. Search for the matches that are not equal to the value" }, "not.cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown.keyword. Search for the matches that don't contain the value" }, "cves_by_status.low": { "type": "string", "title": "Filter the search by cves_by_status.low. Search for an exact match" }, "cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by cves_by_status.low.keyword. Search for the matches that contain the value" }, "not.cves_by_status.low": { "type": "string", "title": "Filter the search by not.cves_by_status.low. Search for the matches that are not equal to the value" }, "not.cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.low.keyword. Search for the matches that don't contain the value" }, "cves_by_status.medium": { "type": "string", "title": "Filter the search by cves_by_status.medium. Search for an exact match" }, "cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by cves_by_status.medium.keyword. Search for the matches that contain the value" }, "not.cves_by_status.medium": { "type": "string", "title": "Filter the search by not.cves_by_status.medium. 
Search for the matches that are not equal to the value" }, "not.cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.medium.keyword. Search for the matches that don't contain the value" }, "cves_by_status.high": { "type": "string", "title": "Filter the search by cves_by_status.high. Search for an exact match" }, "cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by cves_by_status.high.keyword. Search for the matches that contain the value" }, "not.cves_by_status.high": { "type": "string", "title": "Filter the search by not.cves_by_status.high. Search for the matches that are not equal to the value" }, "not.cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.high.keyword. Search for the matches that don't contain the value" }, "cves_by_status.critical": { "type": "string", "title": "Filter the search by cves_by_status.critical. Search for an exact match" }, "cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by cves_by_status.critical.keyword. Search for the matches that contain the value" }, "not.cves_by_status.critical": { "type": "string", "title": "Filter the search by not.cves_by_status.critical. Search for the matches that are not equal to the value" }, "not.cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.critical.keyword. Search for the matches that don't contain the value" }, "cves_score": { "type": "string", "title": "Filter the search by cves_score. Search for an exact match" }, "cves_count": { "type": "string", "title": "Filter the search by cves_count. Search for an exact match" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "cves_count_by_status.unknown": { "type": "string", "title": "Filter the search by cves_count_by_status.unknown. 
Search for an exact match" }, "cves_count_by_status.low": { "type": "string", "title": "Filter the search by cves_count_by_status.low. Search for an exact match" }, "cves_count_by_status.medium": { "type": "string", "title": "Filter the search by cves_count_by_status.medium. Search for an exact match" }, "cves_count_by_status.high": { "type": "string", "title": "Filter the search by cves_count_by_status.high. Search for an exact match" }, "cves_count_by_status.critical": { "type": "string", "title": "Filter the search by cves_count_by_status.critical. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by language. Search for an exact match" }, "language.keyword": { "type": "string", "title": "Filter the search by language.keyword. Search for the matches that contain the value" }, "not.language": { "type": "string", "title": "Filter the search by not.language. Search for the matches that are not equal to the value" }, "not.language.keyword": { "type": "string", "title": "Filter the search by not.language.keyword. Search for the matches that don't contain the value" }, "architecture": { "type": "string", "title": "Filter the search by architecture. Search for an exact match" }, "architecture.keyword": { "type": "string", "title": "Filter the search by architecture.keyword. Search for the matches that contain the value" }, "not.architecture": { "type": "string", "title": "Filter the search by not.architecture. Search for the matches that are not equal to the value" }, "not.architecture.keyword": { "type": "string", "title": "Filter the search by not.architecture.keyword. Search for the matches that don't contain the value" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. Search for an exact match" }, "not.supports_update": { "type": "boolean", "title": "Filter the search by not.supports_update. 
Search for the matches that are not equal to the value" }, "update_available": { "type": "boolean", "title": "Filter the search by update_available. Search for an exact match" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "not.exists": { "type": "array", "title": "Filter out the results for records that don't have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", 
"cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "domain_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "supports_update", "update_available", "language", "architecture" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Assets" ], "operationId": "api.nebula.post.export.assets.software.async" } }, "/nebula/v1/assets/software": { "post": { "description": "Search assets software.", "summary": "Search assets software", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for the matches that are not equal to the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "not.group_id": { "type": "string", "title": "Filter the search by group_id. Search for the matches that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "not.root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "not.machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the matches that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "not.account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that don't contain the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by account_name. 
Search for the matches that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "not.host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that don't contain the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for the matches that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that don't contain the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that contain the value" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias. 
Search for an exact match" }, "not.alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that don't contain the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for the matches that are not equal to the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that contain the value" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "not.vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that don't contain the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for the matches that are not equal to the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that contain the value" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that don't contain the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that are not equal to the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that contain the value" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "not.display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that don't contain the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. 
Search for the matches that are not equal to the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for the matches that contain the value" }, "product.keyword": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "not.product": { "type": "string", "title": "Filter the search by product. Search for the matches that don't contain the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by product. Search for the matches that are not equal to the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that contain the value" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "not.normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that don't contain the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that are not equal to the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that contain the value" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "not.display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that don't contain the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for the matches that are not equal to the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that contain the value" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. 
Search for an exact match" }, "not.installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that don't contain the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that are not equal to the value" }, "normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that contain the value" }, "normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "not.normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that don't contain the value" }, "not.normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that are not equal to the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that contain the value" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that don't contain the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. 
Search for an exact match" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that don't contain the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that don't contain the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that don't contain the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that are not equal to the value" }, "os_info.os_platforms": { "type": "array", "title": "Filter the search by multiple os_info.os_platform. Search for exact matches", "items": { "type": "string" } }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. 
Search for an exact match" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that don't contain the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that don't contain the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that are not equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed before the specified date" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed after the specified date" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been created before the specified date" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been created after the specified date" }, "name_multi_search": { "type": "string", "title": "Aliases for this machine" }, "group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group name. 
Search for an exact match" }, "not.group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that don't contain the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for the matches that are not equal to the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that contain the value" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "not.object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that don't contain the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that are not equal to the value" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "latest_version_available.keyword": { "type": "string", "title": "Filter the search by latest_version_available.keyword. Search for the matches that contain the value" }, "not.latest_version_available": { "type": "string", "title": "Filter the search by not.latest_version_available. Search for the matches that are not equal to the value" }, "not.latest_version_available.keyword": { "type": "string", "title": "Filter the search by not.latest_version_available.keyword. Search for the matches that don't contain the value" }, "cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves. Search for an exact match" }, "cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves.keyword. Search for the matches that contain the value" }, "not.cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves. 
Search for the matches that are not equal to the value" }, "not.cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves.keyword. Search for the matches that don't contain the value" }, "cves_by_status.unknown": { "type": "string", "title": "Filter the search by cves_by_status.unknown. Search for an exact match" }, "cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by cves_by_status.unknown.keyword. Search for the matches that contain the value" }, "not.cves_by_status.unknown": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown. Search for the matches that are not equal to the value" }, "not.cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown.keyword. Search for the matches that don't contain the value" }, "cves_by_status.low": { "type": "string", "title": "Filter the search by cves_by_status.low. Search for an exact match" }, "cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by cves_by_status.low.keyword. Search for the matches that contain the value" }, "not.cves_by_status.low": { "type": "string", "title": "Filter the search by not.cves_by_status.low. Search for the matches that are not equal to the value" }, "not.cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.low.keyword. Search for the matches that don't contain the value" }, "cves_by_status.medium": { "type": "string", "title": "Filter the search by cves_by_status.medium. Search for an exact match" }, "cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by cves_by_status.medium.keyword. Search for the matches that contain the value" }, "not.cves_by_status.medium": { "type": "string", "title": "Filter the search by not.cves_by_status.medium. 
Search for the matches that are not equal to the value" }, "not.cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.medium.keyword. Search for the matches that don't contain the value" }, "cves_by_status.high": { "type": "string", "title": "Filter the search by cves_by_status.high. Search for an exact match" }, "cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by cves_by_status.high.keyword. Search for the matches that contain the value" }, "not.cves_by_status.high": { "type": "string", "title": "Filter the search by not.cves_by_status.high. Search for the matches that are not equal to the value" }, "not.cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.high.keyword. Search for the matches that don't contain the value" }, "cves_by_status.critical": { "type": "string", "title": "Filter the search by cves_by_status.critical. Search for an exact match" }, "cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by cves_by_status.critical.keyword. Search for the matches that contain the value" }, "not.cves_by_status.critical": { "type": "string", "title": "Filter the search by not.cves_by_status.critical. Search for the matches that are not equal to the value" }, "not.cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.critical.keyword. Search for the matches that don't contain the value" }, "cves_score": { "type": "string", "title": "Filter the search by cves_score. Search for an exact match" }, "cves_count": { "type": "string", "title": "Filter the search by cves_count. Search for an exact match" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "cves_count_by_status.unknown": { "type": "string", "title": "Filter the search by cves_count_by_status.unknown. 
Search for an exact match" }, "cves_count_by_status.low": { "type": "string", "title": "Filter the search by cves_count_by_status.low. Search for an exact match" }, "cves_count_by_status.medium": { "type": "string", "title": "Filter the search by cves_count_by_status.medium. Search for an exact match" }, "cves_count_by_status.high": { "type": "string", "title": "Filter the search by cves_count_by_status.high. Search for an exact match" }, "cves_count_by_status.critical": { "type": "string", "title": "Filter the search by cves_count_by_status.critical. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by language. Search for an exact match" }, "language.keyword": { "type": "string", "title": "Filter the search by language.keyword. Search for the matches that contain the value" }, "not.language": { "type": "string", "title": "Filter the search by not.language. Search for the matches that are not equal to the value" }, "not.language.keyword": { "type": "string", "title": "Filter the search by not.language.keyword. Search for the matches that don't contain the value" }, "architecture": { "type": "string", "title": "Filter the search by architecture. Search for an exact match" }, "architecture.keyword": { "type": "string", "title": "Filter the search by architecture.keyword. Search for the matches that contain the value" }, "not.architecture": { "type": "string", "title": "Filter the search by not.architecture. Search for the matches that are not equal to the value" }, "not.architecture.keyword": { "type": "string", "title": "Filter the search by not.architecture.keyword. Search for the matches that don't contain the value" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. Search for an exact match" }, "not.supports_update": { "type": "boolean", "title": "Filter the search by not.supports_update. 
Search for the matches that are not equal to the value" }, "update_available": { "type": "boolean", "title": "Filter the search by update_available. Search for an exact match" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "not.exists": { "type": "array", "title": "Filter out the results for records that doesn't have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", 
"cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "domain_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "supports_update", "update_available", "language", "architecture" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search assets software result", "properties": { "assets": { "type": "array", "items": { "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "normalized_vendor": { "type": "string" }, "display_vendor": { "type": "string" }, "product": { "type": "string" }, "normalized_product": { "type": "string" }, "display_product": { "type": "string" }, "installed_version": { "type": "string" }, "normalized_installed_version": { "type": "string" }, "display_installed_version": { "type": "string" }, "installation_date": { "type": "string" }, "language": { "type": "string" }, "architecture": { "type": "string" }, "product_signature": { "type": "integer" }, "account_name": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { "type": "string" }, "domain_name": { "type": "string" }, "alias": { "type": "string" }, "created_at": { "type": "string" }, "object_guid": { "type": "string" }, "os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, "os_release_name": { "type": "string" } } }, "group_name": { "type": "string" }, "cves": { "type": "array", "items": { "type": "string" } }, "cves_count": { "type": "integer" }, "cves_score": { "type": "number" }, "cves_by_status": { "properties": { "none": { "type": "array", "items": { "type": "string" } }, "low": { "type": "array", "items": { "type": "string" } }, "medium": { "type": "array", "items": { "type": "string" } }, "high": { "type": "array", "items": { "type": 
"string" } }, "critical": { "type": "array", "items": { "type": "string" } } } }, "cves_count_by_status": { "properties": { "none": { "type": "integer" }, "low": { "type": "integer" }, "medium": { "type": "integer" }, "high": { "type": "integer" }, "critical": { "type": "integer" } } }, "latest_version_available": { "type": "string" } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "assets", "total_count" ] } } } } }, "tags": [ "Assets" ], "operationId": "api.nebula.search.assets.software" } }, "/nebula/v1/assets/software/search-groupby": { "post": { "description": "Search assets software grouped by a specific field.", "summary": "Search assets software groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Assets Search GroupBy Request", "allOf": [ { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. 
Search for an exact match" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for the matches that are not equal to the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "not.group_id": { "type": "string", "title": "Filter the search by group_id. Search for the matches that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "not.root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "not.machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the matches that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "not.account_name": { "type": "string", "title": "Filter the search by account_name. Search for the matches that don't contain the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by account_name. Search for the matches that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "not.host_name": { "type": "string", "title": "Filter the search by host_name. Search for the matches that don't contain the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by host_name. 
Search for the matches that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that don't contain the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the matches that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that contain the value" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "not.alias": { "type": "string", "title": "Filter the search by alias. Search for the matches that don't contain the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by alias. Search for the matches that are not equal to the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that contain the value" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor. 
Search for an exact match" }, "not.vendor": { "type": "string", "title": "Filter the search by vendor. Search for the matches that don't contain the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by vendor. Search for the matches that are not equal to the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that contain the value" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that don't contain the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor. Search for the matches that are not equal to the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that contain the value" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "not.display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that don't contain the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor. Search for the matches that are not equal to the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for the matches that contain the value" }, "product.keyword": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "not.product": { "type": "string", "title": "Filter the search by product. Search for the matches that don't contain the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by product. 
Search for the matches that are not equal to the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that contain the value" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "not.normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that don't contain the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product. Search for the matches that are not equal to the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that contain the value" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "not.display_product": { "type": "string", "title": "Filter the search by display_product. Search for the matches that don't contain the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by display_product. Search for the matches that are not equal to the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that contain the value" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "not.installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that don't contain the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version. Search for the matches that are not equal to the value" }, "normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. 
Search for the matches that contain the value" }, "normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "not.normaliazed_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that don't contain the value" }, "not.normaliazed_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for the matches that are not equal to the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that contain the value" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that don't contain the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version. Search for the matches that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that don't contain the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the matches that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. 
Search for the matches that contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that don't contain the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the matches that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that don't contain the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the matches that are not equal to the value" }, "os_info.os_platforms": { "type": "array", "title": "Filter the search by multiple os_info.os_platform. Search for exact matches", "items": { "type": "string" } }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that don't contain the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the matches that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. 
Search for the matches that contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that don't contain the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the matches that are not equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been created before the specified date" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed after the specified date" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Results include assets that have been created before the specified date" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Results include assets that have been installed after the specified date" }, "name_multi_search": { "type": "string", "title": "Aliases for this machine" }, "group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for an exact match" }, "not.group_name": { "type": "string", "title": "Filter the search by group name. Search for the matches that don't contain the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by group name. Search for the matches that are not equal to the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that contain the value" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. 
Search for an exact match" }, "not.object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that don't contain the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid. Search for the matches that are not equal to the value" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "latest_version_available.keyword": { "type": "string", "title": "Filter the search by latest_version_available.keyword. Search for the matches that contain the value" }, "not.latest_version_available": { "type": "string", "title": "Filter the search by not.latest_version_available. Search for the matches that are not equal to the value" }, "not.latest_version_available.keyword": { "type": "string", "title": "Filter the search by not.latest_version_available.keyword. Search for the matches that don't contain the value" }, "cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves. Search for an exact match" }, "cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by cves.keyword. Search for the matches that contain the value" }, "not.cves": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves. Search for the matches that are not equal to the value" }, "not.cves.keyword": { "type": "array", "items": { "type": "string" }, "title": "Filter the search by not.cves.keyword. Search for the matches that don't contain the value" }, "cves_by_status.unknown": { "type": "string", "title": "Filter the search by cves_by_status.unknown. Search for an exact match" }, "cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by cves_by_status.unknown.keyword. 
Search for the matches that contain the value" }, "not.cves_by_status.unknown": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown. Search for the matches that are not equal to the value" }, "not.cves_by_status.unknown.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.unknown.keyword. Search for the matches that don't contain the value" }, "cves_by_status.low": { "type": "string", "title": "Filter the search by cves_by_status.low. Search for an exact match" }, "cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by cves_by_status.low.keyword. Search for the matches that contain the value" }, "not.cves_by_status.low": { "type": "string", "title": "Filter the search by not.cves_by_status.low. Search for the matches that are not equal to the value" }, "not.cves_by_status.low.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.low.keyword. Search for the matches that don't contain the value" }, "cves_by_status.medium": { "type": "string", "title": "Filter the search by cves_by_status.medium. Search for an exact match" }, "cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by cves_by_status.medium.keyword. Search for the matches that contain the value" }, "not.cves_by_status.medium": { "type": "string", "title": "Filter the search by not.cves_by_status.medium. Search for the matches that are not equal to the value" }, "not.cves_by_status.medium.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.medium.keyword. Search for the matches that don't contain the value" }, "cves_by_status.high": { "type": "string", "title": "Filter the search by cves_by_status.high. Search for an exact match" }, "cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by cves_by_status.high.keyword. 
Search for the matches that contain the value" }, "not.cves_by_status.high": { "type": "string", "title": "Filter the search by not.cves_by_status.high. Search for the matches that are not equal to the value" }, "not.cves_by_status.high.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.high.keyword. Search for the matches that don't contain the value" }, "cves_by_status.critical": { "type": "string", "title": "Filter the search by cves_by_status.critical. Search for an exact match" }, "cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by cves_by_status.critical.keyword. Search for the matches that contain the value" }, "not.cves_by_status.critical": { "type": "string", "title": "Filter the search by not.cves_by_status.critical. Search for the matches that are not equal to the value" }, "not.cves_by_status.critical.keyword": { "type": "string", "title": "Filter the search by not.cves_by_status.critical.keyword. Search for the matches that don't contain the value" }, "cves_score": { "type": "string", "title": "Filter the search by cves_score. Search for an exact match" }, "cves_count": { "type": "string", "title": "Filter the search by cves_count. Search for an exact match" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "cves_count_by_status.unknown": { "type": "string", "title": "Filter the search by cves_count_by_status.unknown. Search for an exact match" }, "cves_count_by_status.low": { "type": "string", "title": "Filter the search by cves_count_by_status.low. Search for an exact match" }, "cves_count_by_status.medium": { "type": "string", "title": "Filter the search by cves_count_by_status.medium. Search for an exact match" }, "cves_count_by_status.high": { "type": "string", "title": "Filter the search by cves_count_by_status.high. 
Search for an exact match" }, "cves_count_by_status.critical": { "type": "string", "title": "Filter the search by cves_count_by_status.critical. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by language. Search for an exact match" }, "language.keyword": { "type": "string", "title": "Filter the search by language.keyword. Search for the matches that contain the value" }, "not.language": { "type": "string", "title": "Filter the search by not.language. Search for the matches that are not equal to the value" }, "not.language.keyword": { "type": "string", "title": "Filter the search by not.language.keyword. Search for the matches that don't contain the value" }, "architecture": { "type": "string", "title": "Filter the search by architecture. Search for an exact match" }, "architecture.keyword": { "type": "string", "title": "Filter the search by architecture.keyword. Search for the matches that contain the value" }, "not.architecture": { "type": "string", "title": "Filter the search by not.architecture. Search for the matches that are not equal to the value" }, "not.architecture.keyword": { "type": "string", "title": "Filter the search by not.architecture.keyword. Search for the matches that don't contain the value" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. Search for an exact match" }, "not.supports_update": { "type": "boolean", "title": "Filter the search by not.supports_update. Search for the matches that are not equal to the value" }, "update_available": { "type": "boolean", "title": "Filter the search by update_available. 
Search for an exact match" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "not.exists": { "type": "array", "title": "Filter out the results for records that don't have these fields", "items": { "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", 
"cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "domain_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "supports_update", "update_available", "language", "architecture" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } }, { "required": [ "group_by", "page_size" ], "properties": { "group_by": { "type": "string", "title": "The group_by field Schema", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "created_at", "domain_name" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Assets Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": "string", "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "fully_qualified_host_name": { "type": "string", "title": "The fully qualified host name Schema (only for machine_id aggregation)" }, "tags": { "type": "object", "additionalProperties": true, "title": "The tags Schema (only for machine_id aggregation)" }, "account_id": { "type": "string", "title": "The account_id Schema (only for machine_id aggregation)" }, "group_name": { "type": "string", "title": "The group name Schema (only for group_id aggregation)" }, "account_name": { "type": "string", "title": "The account_name Schema (only for group_id and account_id aggregation)" }, "signature_name": { "type": "string", "title": "The signature_name Schema (only for product_signature aggregation)" }, "vendor": { "type": "string", "title": "The vendor Schema (only for product_signature aggregation)" }, "platform": { "type": "string", "title": "The platform Schema (only for product_signature aggregation)" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Assets" ], "operationId": "api.nebula.search.assets.software.group" } }, "/nebula/v1/endpoints/{id}": { "delete": { "description": "Delete a machine from the console", "summary": "Delete a machine", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.delete.endpoint" }, "get": { "description": "Retrieve a single endpoint by its universally unique identifier (UUID).", "summary": "Get endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_diag_info", "required": false, "in": "query", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Get Endpoint By Id Body 200 Schema", "required": [ "id", "policy_id", "group_id", "name", "online", "is_deleted" ], "properties": { "id": { "type": "string", "title": "ID of the endpoint (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "policy_id": { "type": "string", "title": "ID of the policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "group_id": { "type": "string", "title": "ID of the group (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "The Name of the endpoint" }, "online": { "type": "boolean", "title": "Whether the endpoint is online or not" }, "is_deleted": { "type": "boolean", "title": "Whether the endpoint was deleted" }, "os_architecture": { "type": "string", "title": "OS architecture" }, "os_platform": { "type": "string", "title": "OS platform" }, "os_release_name": { "type": "string", "title": "OS release name" }, "last_seen_at": { "type": "string", "title": "The last time the endpoint checked in as online (max 1 per hour) (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "tags": { "type": "object", "title": "Tags for this machine", "additionalProperties": true }, "stats": { "type": "object", "additionalProperties": true }, "diag_info": { "type": "object", "title": "Information on diagnostic logs", "properties": { "has_diag_logs": { "type": "boolean", "title": "Indicates whether diagnostic logs are available" } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.get.endpoint.id" } }, "/nebula/v1/endpoints": { "delete": { "description": "Use this endpoint to mark machines as deleted.\nThis API endpoint allows you to specify queries instead of explicitly specifying endpoint IDs.\n\n> **Be extremely cautious**: If you don't specify any constraint, all your endpoints will match the search and be deleted. For example, the following payload:\n```json\n \"queries\": [{}]\n```\nwill select all the machines in your account. Always test the result of your query using the [Search endpoints APIs](#operation/api.v2.nebula.post.endpoints) before issuing the delete.\n\nIf you want to mark as deleted all of your `Mac Os` endpoints across two of your managed sites, and all the endpoints of a certain account whose policy name matches the string `serious policy`, send the following:\n\n```json\n \"queries\": [{ \n \"os_info.os_platform\": \"Mac Os\"\n }, {\n \"policy_name\": \"serious policy\" \n }]\n```\nThe constraints accepted are the same as those accepted by the search endpoints route. 
Refer to `POST -> /endpoints` for more information about the constraints accepted.\n", "summary": "Delete multiple machines", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Delete in bulk", "required": [ "queries" ], "properties": { "queries": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group items", "allOf": [ { "type": "object", "title": "Search endpoints request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search either alias, host name or fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the 
endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." }, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the 
endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, 
"plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. 
This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." }, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." 
}, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": "vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", 
"os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", "title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", 
"plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "Include the last_job data" }, "account": { "type": "boolean", "title": "Include the account data" }, "default_group": { "type": "boolean", "title": "Include whether the group is the default group" }, "app_block": { "type": "boolean", "title": "Include the count of app block activity" }, "platform": { "type": "boolean", "title": "Include the platform in the OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields on which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] } }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Delete Endpoints Bulk Body 200 Schema", "required": [ "deleted" ], "properties": { "deleted": { "type": "array", "title": "IDs of the deleted endpoint (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "items": { "type": "string", "title": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "errors": { "type": "array", "title": "tasks not performed", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.delete.endpoints.bulk" }, "post": { "description": "Search endpoints. Constraints with the `.keyword` suffix indicate an exact match. Constraints without the `.keyword` suffix are tokenized: a value containing several words matches endpoints whose field contains any of those words.\n\n### Examples\nTo find endpoints belonging to the `Default group` (the search is case insensitive), use `group_name.keyword` as a constraint:\n```json\n{\n \"group_name.keyword\": \"default group\"\n}\n```\nTo find endpoints whose group name contains `department_one`, `department_two` OR `department_three`, use `group_name` as a constraint:\n```json\n{\n \"group_name\": \"department_one department_two department_three\"\n}\n```\n", "summary": "Search endpoints", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data", "caching" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search endpoints request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search by alias, host name or fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, 
"plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search 
to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." 
}, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "Filter the search by the endpoint's public IP (machine_ip)" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter (exact match)" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "Filter the search by deletion status (defaults to false, which excludes deleted endpoints)" }, "vulnerabilities_found_total_gt": { "type": "number", "title": 
"Filter the search to the endpoints whose total number of vulnerabilities found is greater than the specified value" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "Filter the search to the endpoints whose total number of vulnerabilities found is less than the specified value" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "Filter the search to the endpoints whose total number of vulnerabilities found is greater than or equal to the specified value" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "Filter the search to the endpoints whose total number of vulnerabilities found is less than or equal to the specified value" }, "connected": { "type": "boolean", "title": "Filter the search by whether the endpoint is currently connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "Sort by several fields; each item gives the field, the direction and where missing values are placed", "items": { "type": "object", 
"title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": 
"boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Specify the number of app block activity" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] 
} }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "ISO date string. Results include endpoints whose last asset scan ran after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "ISO date string. Results include endpoints whose last asset scan ran before the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search endpoints", "required": [ "endpoints", "total_count", "next_cursor" ], "properties": { "aggregations": { "type": "object", "additionalProperties": true }, "endpoints": { "type": "array", "title": "Endpoints", "items": { "type": "object", "title": "Endpoint items", "additionalProperties": true, "properties": { "link": { "type": "string", "title": "Link" }, "protection_status": { "type": "string", "title": "Protection Status" }, "display_name": { "type": "string", "title": "Display Name" }, "agent": { "type": "object", "title": "Agent", "additionalProperties": true, "properties": { "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "last_user": { "type": "string", "title": "The last user logging in" }, "at": { "type": "string", "title": "Reported At" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" 
}, "group_id": { "type": "string", "title": "Group ID" }, "nics": { "type": "array", "title": "Nics", "items": { "type": "object", "title": "Nics items", "properties": { "ips": { "type": "array", "title": "IPs", "items": { "type": "string", "title": "IP items" } }, "description": { "type": "string", "title": "Description" }, "mac_address": { "type": "string", "title": "Mac address" } } } }, "os_info": { "type": "object", "title": "Os info", "properties": { "os_type": { "type": "string", "title": "OS type" }, "os_version": { "type": "string", "title": "OS version" }, "os_platform": { "type": "string", "title": "OS platform" }, "os_architecture": { "type": "string", "title": "OS architecture" }, "os_release_name": { "type": "string", "title": "OS release name" } } }, "domain_name": { "type": "string", "title": "Domain name" }, "host_name": { "type": "string", "title": "Host name" }, "fully_qualified_host_name": { "type": "string", "title": "Fully qualified host name" }, "object_guid": { "type": "string", "title": "Object guid" }, "plugins": { "type": "object", "title": "Plugins", "properties": { "incident_response": { "type": "object", "title": "Incident response", "properties": { "product_name": { "type": "string", "title": "Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "update_package_version": { "type": "string", "title": "Update package version" }, "component_package_version": { "type": "string", "title": "Component package version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "endpoint_protection": { "type": "object", "title": "Endpoint protection plugin", "properties": { "sdk_version": { "type": "string", "title": "SDK version plugin" }, "product_name": { "type": "string", "title": "Name of the product" }, "plugin_version": { "type": "string", "title": "Version of the product" }, "update_package_version": { "type": "string", "title": "Update version" 
}, "component_package_version": { "type": "string", "title": "Component version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "asset_manager": { "type": "object", "title": "Asset manager", "properties": { "product_name": { "type": "string", "title": "Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "endpoint_detection_and_response": { "type": "object", "title": "Endpoint detection and response", "properties": { "product_name": { "type": "string", "title": "Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } } } }, "engine_version": { "type": "string", "title": "Engine version" }, "policy_etag": { "type": "string", "title": "Policy etag" }, "version": { "type": "integer", "title": "Version" }, "document_id": { "type": "string", "title": "Document ID" }, "machine_ip": { "type": "string", "title": "Machine public IP" }, "source_location": { "type": "object", "properties": { "city": { "type": "string" }, "country": { "type": "string" }, "country_iso": { "type": "string" }, "continent": { "type": "string" }, "accuracy_radius": { "type": "integer" }, "point": { "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number" } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number" } ] } } }, "time_zone": { "type": "string" }, "postal_code": { "type": "string" }, "subdivisions": { "type": "array", "items": { "type": "string" } }, "anonymous_proxy": { "type": "boolean" } } }, "serial_number": { "type": "string", "title": "Serial number of this endpoint" } } }, "machine": { "type": "object", "title": "Endpoint", "additionalProperties": true, "properties": { "id": { "type": "string", 
"title": "ID" }, "job": { "type": "object", "title": "The last job", "additionalProperties": true }, "account": { "type": "object", "title": "Account", "additionalProperties": true }, "online": { "type": "boolean", "title": "Is online" }, "account_id": { "type": "string", "title": "Account ID" }, "group_id": { "type": "string", "title": "Group ID" }, "root_group_id": { "type": "string", "title": "Root group ID" }, "group_name": { "type": "string", "title": "Group name" }, "policy_id": { "type": "string", "title": "Policy id" }, "policy_name": { "type": "string", "title": "Policy name" }, "last_day_seen": { "type": "string", "title": "Last day seen" }, "last_active": { "type": "string", "title": "Last time the endpoint connected to Nebula in real time" }, "isolated": { "type": "boolean", "title": "Is isolated" }, "scan_age_days": { "type": "integer", "title": "Days from last scan" }, "suspicious_activity_count": { "type": "integer", "title": "Count of suspicious activities" }, "infection_count": { "type": "integer", "title": "Count of infections found" }, "reboot_required": { "type": "integer", "title": "Is reboot required" }, "last_scanned_at": { "type": "string", "title": "Last scanned at" }, "is_deleted": { "type": "boolean", "title": "Is deleted" }, "version": { "type": "integer", "title": "Version" }, "document_id": { "type": "string", "title": "Document ID" }, "created_at": { "type": "string", "format": "date-time", "title": "Created At" } } }, "machineVersion": { "type": "integer", "title": "Machine version" } } } }, "total_count": { "type": "integer", "title": "The Total_count Schema" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "after": { "type": "string", "title": "After cursor" } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.post.endpoints" } }, "/nebula/v1/endpoints/export": { "post": { "description": "Export endpoints as a file. The endpoints are selected by explicit IDs (`endpoints`) and/or by search queries (`groups`), only the fields listed in `select` are written, and the file is produced in the requested `format`.", "summary": "Export endpoints", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "endpoints", "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file format", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "machine.is_deleted", "machine.scan_age_days", "machine.root_group_id", "machine.last_day_seen", "machine.isolated", "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "machine.last_scanned_at", "machine.group_name", "machine.policy_id", "machine.policy_name", "machine.tags", "machine.group_id", "machine.id", "machine.account_id", "machine.online", "machine.created_at", "machine.job.status", "machine.account.name", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.is_software_update_available", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.available_software_updates.sdk_version.new", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", 
"agent.serial_number", "protection_status", "stats.assets.vulnerabilities_found", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "stats.app_block_count", "connected", "agent.plugins.browser_phishing_protection.plugin_version" ] } } } }, "endpoints": { "type": "array", "title": "Endpoints IDs", "items": { "type": "object", "title": "Explicit list of endpoints", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "ID of the endpoint (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "List of queries to fetch endpoints", "allOf": [ { "type": "object", "title": "Search endpoints request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search either alias, host name of fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": 
"Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." }, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": 
"string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified 
asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." 
}, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." }, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." 
}, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": "vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", 
"os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", "title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", 
"plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": "boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Specify the number of app block activity" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] } }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Endpoints" ], "operationId": "api.v1.nebula.post.export" } }, "/nebula/v1/endpoints/export/async": { "post": { "description": "Export endpoints and receive email", "summary": "Export endpoints asynchronously", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "endpoints", "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "machine.is_deleted", "machine.scan_age_days", "machine.root_group_id", "machine.last_day_seen", "machine.isolated", "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "machine.last_scanned_at", "machine.group_name", "machine.policy_id", "machine.policy_name", "machine.tags", "machine.group_id", "machine.id", "machine.account_id", "machine.online", "machine.created_at", "machine.job.status", "machine.account.name", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", 
"agent.is_software_update_available", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.available_software_updates.sdk_version.new", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "protection_status", "stats.assets.vulnerabilities_found", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "stats.app_block_count", "connected", "agent.plugins.browser_phishing_protection.plugin_version" ] } } } }, "endpoints": { "type": "array", "title": "Endpoints IDs", "items": { "type": "object", "title": "Explicit list of endpoints", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "ID of the endpoint (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "List of queries to fetch endpoints", "allOf": [ { "type": "object", "title": "Search endpoints request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search either alias, host name of fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, 
"plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search 
to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." 
}, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": 
"vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", 
"title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": 
"boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Specify the number of app block activity" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] 
} }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Endpoints" ], "operationId": "api.v1.nebula.post.export.async" } }, "/nebula/v1/endpoints/{id}/agent_info": { "get": { "description": "Retrieve agent information of a given endpoint.", "summary": "Get endpoint agent info", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Get Endpoint By Id Agent Info Body 200 Schema", "properties": { "agent_info": { "type": "string", "title": "Raw agent_info data" }, "last_seen_at": { "type": "string", "title": "The last time the endpoint checked in as online (max 1 per hour) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "agent_info_last_updated_at": { "type": "string", "title": "Agent info last updated at (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.get.endpoint.id.agent_info" } }, "/nebula/v1/endpoints/{id}/assets": { "get": { "description": "Retrieve asset information of a given endpoint.", "summary": "Get endpoint assets", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get assets of an endpoint", "type": "object", "properties": { "startups": { "type": "array", "title": "Startup programs", "items": { "type": "object", "properties": { "key": { "title": "Key", "type": "string" }, "name": { "title": "Name", "type": "string" }, "value": { "title": "Value", "type": [ "string", "null" ] } } } }, "os_info": { "type": "object", "title": "Operating System info", "properties": { "os_platform": { "type": "string", "title": "OS platform" }, "os_architecture": { "type": "string", "title": "OS architecture" }, "os_version": { "type": "string", "title": "OS version" }, "os_release_name": { "type": "string", "title": "OS release name" }, "os_type": { "type": "string", "title": "OS type" } } }, "memory": { "type": [ "object", "null" ], "title": "Memory", "properties": { "total_virtual": { "type": "number", "title": "Total virtual space" }, "free_virtual": { "type": "number", "title": "Free virtual space" }, "total_physical": { "type": "number", "title": "Total physical space" }, "free_physical": { "type": "number", "title": "Free physical space" } } }, "computer_info": { "type": "object", "title": "Computer info", "properties": { "manufacturer": { "type": "string", "title": "Manufacturer" }, "model": { "type": "string", "title": "Model" } } }, "software_installed": { "type": "array", "title": "Software installed", "items": { "type": "object", "properties": { "vendor": { "type": "string", "title": "Vendor" }, "product": { "type": "string", "title": "Product" }, "installed_date": { "type": [ "string", "null" ], "title": "Installed at date" }, "version": { "type": "string", "title": "Version" } } } }, "nics": { "type": "array", "title": "NICs", "items": { "type": 
"object", "properties": { "mac_address": { "type": "string", "title": "MAC address" }, "description": { "type": "string", "title": "Description" }, "ips": { "type": "array", "title": "IPs", "items": { "type": "string" } } } } }, "drives": { "type": [ "array", "null" ], "title": "Drives", "items": { "type": "object", "properties": { "freespace_available": { "type": "number", "title": "Available free space" }, "volume_label": { "type": "string", "title": "Volume label" }, "drive_format": { "type": "string", "title": "Drive format" }, "freespace_total": { "type": "number", "title": "Total of space free" }, "name": { "type": "string", "title": "Name" }, "total_size": { "type": "number", "title": "Total size" } } } }, "updates_installed": { "type": "array", "title": "Updates installed", "items": { "type": "object", "properties": { "installed_date": { "type": [ "string", "null" ], "title": "Installed at date" }, "title": { "type": "string", "title": "Title" } } } }, "domain_name": { "type": [ "string", "null" ], "title": "Domain name" }, "culture": { "type": "string", "title": "Culture" }, "object_sid": { "type": [ "string", "null" ], "title": "SID of object" }, "dhcp_scope_name": { "type": "string", "title": "DHCP scope name" }, "time_zone": { "type": "string", "title": "Timezone" }, "host_name": { "type": "string", "title": "Host name" }, "fully_qualified_host_name": { "type": "string", "title": "Fully qualified hostname" }, "object_guid": { "type": [ "string", "null" ], "title": "GUID of object" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "updates_available": { "type": "array", "title": "Updates Available", "items": { "type": "object", "properties": { "category": { "type": "string", "examples": [ "feature_pack" ] }, "date": { "type": "number", "examples": [ 1640004051 ] }, "description": { "type": "string", "examples": [ "Update Description" ] }, "kb_id": { "type": "string", "examples": [ "4481252" ] }, "product": { "type": "string", 
"examples": [ ".Net Core" ] }, "reboot_required": { "type": "boolean", "examples": [ false ] }, "security_update_id": { "type": "string" }, "severity": { "type": "string", "examples": [ "important" ] }, "size": { "type": "number", "examples": [ 1234465 ] }, "title": { "type": "string", "examples": [ "Security Update for .Net 3.1" ] }, "vendor": { "type": "string", "examples": [ "Microsoft Corporation" ] } } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.get.endpoint.id.assets" } }, "/nebula/v1/endpoints/{id}/network": { "get": { "description": "Get network information about an endpoint.", "summary": "Network information", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get network information about an endpoint.", "properties": { "nics": { "type": "array", "title": "The Nics Schema", "items": { "type": "object", "title": "The Items Schema", "properties": { "ips": { "type": "array", "title": "The Ips Schema", "items": { "type": "string", "title": "The IP addresses" } }, "description": { "type": "string", "title": "The Description of the nics" }, "mac_address": { "type": "string", "title": "The Mac address" } } } }, "host_name": { "type": "string", "title": "Host name" }, "fully_qualified_host_name": { "type": "string", "title": "Fully qualified host name" }, "last_seen_at": { "type": "string", "title": "The last time the endpoint checked in as online (max 1 per hour) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "agent_info_last_updated_at": { "type": "string", "title": "Agent info last updated at (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.get.endpoint.id.network" } }, "/nebula/v1/endpoints/{id}/sa": { "get": { "description": "Fetch suspicious activity of an endpoint.", "summary": "All suspicious activity of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sort_field", "required": false, "in": "query", "description": "Sort field", "schema": { "type": "string", "enum": [ "timestamp", "level", "pc_hostname" ] } }, { "name": "sort_direction", "required": false, "in": "query", "description": "Sort direction", "schema": { "type": "string", "enum": [ "asc", "desc" ] } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "Since (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "schema": { "type": "string", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$" } }, { "name": "per_page", "required": false, "in": "query", "description": "Items per page", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Suspicious activity of an endpoint", "required": [ "sa", "total_count" ], "properties": { "sa": { "type": "array", "title": "Suspicious activity", "items": { "type": "object", "title": "Suspicious activity items", "properties": { "detection_id_list": { "type": "array", "title": "Suspicious activity IDs", "items": { "type": "number" } }, "status": { "type": "string", "title": "Status" }, "timestamp": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "pc_hostname": { "type": "string", "title": "Hostname of endpoint" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "closed": { "type": "integer", "title": "Closed" }, "level": { "type": "integer", "title": "Level" }, "detected_by_count": { "type": "integer", "title": "Count" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.endpoint.id.sa" } }, "/nebula/v1/endpoints/{id}/sa/{sa_id}/exclusions": { "get": { "description": "Fetch suspicious activity of an endpoint.", "summary": "Specific suspicious activity of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sa_id", "required": true, "in": "path", "description": "Suspicious activity ID", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Exclusions for suspicious activity by endpoint", "required": [ "data" ], "properties": { "data": { "type": "array", "title": "Exclusions", "items": { "type": "object", "title": "Exclusion", "properties": { "path": { "type": "string", "title": "Path" }, "md5": { "type": "string", "title": "MD5" }, "command_line": { "type": "string", "title": "command_line" } } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.endpoint.id.sa.id.exclusion" } }, "/nebula/v1/endpoints/{id}/sa/{sa_id}/remediate": { "post": { "description": "Remediate suspicious activity of an endpoint.", "summary": "Remediate suspicious activity of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sa_id", "required": true, "in": "path", "description": "Suspicious activity ID", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "201": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The eagle remediate schema", "properties": { "job_id": { "type": [ "string", "null" ], "title": "ID of the remediation job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.endpoint.id.sa.sa_id.remediate" } }, "/nebula/v1/endpoints/{id}/scans/{scan_id}": { "get": { "description": "Get a scan of an endpoint by Id.", "summary": "Get a scan of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "The Id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "scan_id", "required": true, "in": "path", "description": "The Scan_id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_schedule_name", "required": false, "in": "query", "description": "Populate the schedule name", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "The Get Endpoint By Id Scans By Id Body 200 Schema", "type": "object", "required": [ "id", "machine_id", "from_cloud", "ondemand", "scan_type", "started_at", "started_at_local", "reported_at", "duration_seconds", "found_count", "quarantined_count", "deleted_count", "total_count", "metadata", "machine_name", "os_platform" ], "additionalProperties": false, "properties": { "id": { "type": "string", "title": "The Id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The Machine_id Schema(Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "schedule_id": { "type": [ "string", "null" ], "title": "The schedule_id Schema(Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "schedule_name": { "type": "string", "title": "Schedule name (when populated)" }, "from_cloud": { "type": "boolean", "title": "The From_cloud Schema" }, "ondemand": { "type": "boolean", "title": "The Ondemand Schema" }, "scan_type": { "type": "string", "title": "The Scan_type Schema" }, "started_at": { "type": "string", "title": "The Started_at Schema (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "started_at_local": { "type": "string", "title": "The Started_at_local Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at": { "type": "string", "title": "The Reported_at Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "duration_seconds": { "type": "integer", "title": "The Duration_seconds Schema" }, "found_count": { "type": "integer", "title": "The Found_count Schema" }, "quarantined_count": { "type": "integer", "title": "The Quarantined_count Schema" }, "deleted_count": { "type": "integer", "title": "The Deleted_count Schema" }, "total_count": { "type": "integer", "title": "The Total_count Schema" }, "metadata": { "type": "object", "title": "The Metadata Schema", "properties": { "id": { "type": "string", "title": "The Id Schema" }, "cpu": { "type": "string", "title": "The Cpu Schema" }, "foldersDetected": { "type": "integer", "title": "The Foldersdetected Schema" }, "componentsUpdatePackageVersion": { "type": "string", "title": "The Componentsupdatepackageversion Schema" }, "registryValuesDetected": { "type": "integer", "title": "The Registryvaluesdetected Schema" }, "schemaVersion": { "type": "integer", "title": "The Schemaversion Schema" }, "processesDetected": { "type": "integer", "title": "The Processesdetected Schema" }, "isUserAdmin": { "type": "boolean", "title": "The Isuseradmin Schema" }, "sourceDetails": { "type": "object", "title": "The Sourcedetails Schema", "properties": { 
"scanDurationSecs": { "type": "integer", "title": "The Scandurationsecs Schema" }, "scanOptions": { "type": "object", "title": "The Scanoptions Schema", "properties": { "scanMemoryObjects": { "type": "boolean", "title": "The Scanmemoryobjects Schema" }, "scanStartupAndRegistry": { "type": "boolean", "title": "The Scanstartupandregistry Schema" }, "scanRootKits": { "type": "boolean", "title": "The Scanrootkits Schema" }, "scanType": { "type": "string", "title": "The Scantype Schema" }, "scanPUMs": { "type": "boolean", "title": "The Scanpums Schema" }, "scanArchives": { "type": "boolean", "title": "The Scanarchives Schema" }, "scanFileSystem": { "type": "boolean", "title": "The Scanfilesystem Schema" }, "scanPUPs": { "type": "boolean", "title": "The Scanpups Schema" }, "useHeuristics": { "type": "boolean", "title": "The Useheuristics Schema" } } }, "objectsScanned": { "type": "integer", "title": "The Objectsscanned Schema" }, "scanResult": { "type": "string", "title": "The Scanresult Schema" }, "type": { "type": "string", "title": "The Type Schema" } } }, "fileSystem": { "type": "string", "title": "The Filesystem Schema" }, "dbSDKUpdatePackageVersion": { "type": "string", "title": "The Dbsdkupdatepackageversion Schema" }, "os": { "type": "string", "title": "The Os Schema" }, "detectionDateTime": { "type": "string", "title": "The Detectiondatetime Schema (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "modulesDetected": { "type": "integer", "title": "The Modulesdetected Schema" }, "licenseState": { "type": "string", "title": "The Licensestate Schema" }, "loggedOnUserName": { "type": "string", "title": "The Loggedonusername Schema" }, "filesDetected": { "type": "integer", "title": "The Filesdetected Schema" }, "registryKeysDetected": { "type": "integer", "title": "The Registrykeysdetected Schema" }, "applicationVersion": { "type": "string", "title": "The Applicationversion Schema" } } }, "machine_name": { "type": "string", "title": "The Machine_name Schema" }, "os_platform": { "type": "string", "title": "The Os_platform Schema" }, "devices": { "type": "object", "title": "Device control related data" } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.scans.id" } }, "/nebula/v1/endpoints/{id}/scans": { "get": { "description": "Get a list of scans of an endpoint.", "summary": "Get scans of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "since", "required": false, "in": "query", "description": "The Since Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "schema": { "type": "string", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$" } }, { "name": "threats_detected", "required": false, "in": "query", "description": "Optional parameter to filter out scan results based on whether threats were found. If omitted defaults to returning all.", "schema": { "type": "string", "enum": [ "true", "false", "" ] } }, { "name": "start_index", "required": false, "in": "query", "description": "The start index for pagination", "schema": { "type": "string" } }, { "name": "page_size", "required": false, "in": "query", "description": "The page size for pagination", "schema": { "type": "string" } }, { "name": "populate", "required": false, "in": "query", "schema": { "type": "string", "pattern": "^schedules$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "The Get Endpoint By Id Scans Body 200 Schema", "type": "array", "items": { "type": "object", "title": "The Items Schema", "required": [ "id", "deleted_count", "duration_seconds", "found_count", "from_cloud", "machine_id", "machine_name", "ondemand", "os_platform", "quarantined_count", "reported_at", "scan_type", "started_at", "started_at_local", "total_count" ], "additionalProperties": false, "properties": { "id": { "type": "string", "title": "The Scan_id Schema (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "deleted_count": { "type": "integer", "title": "The Deleted_count Schema" }, "duration_seconds": { "type": "integer", "title": "The Duration_seconds Schema" }, "found_count": { "type": "integer", "title": "The Found_count Schema" }, "from_cloud": { "type": "boolean", "title": "The From_cloud Schema" }, "machine_id": { "type": "string", "title": "The Machine_id Schema" }, "machine_name": { "type": "string", "title": "The Machine_name Schema" }, "ondemand": { "type": "boolean", "title": "The Ondemand Schema" }, "os_platform": { "type": "string", "title": "The Os_platform Schema" }, "quarantined_count": { "type": "integer", "title": "The Quarantined_count Schema" }, "reported_at": { "type": "string", "title": "The Reported_at Schema" }, "scan_type": { "type": "string", "title": "The Scan_type Schema" }, "started_at": { "type": "string", "title": "The Started_at Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "started_at_local": { "type": "string", "title": "The Started_at_local Schema" }, "total_count": { "type": "integer", "title": "The Total_count Schema" }, "schedule_id": { "type": "string", "title": "The schedule ID. Present only if the scan is triggered by a schedule" }, "schedule_name": { "type": "string", "title": "The schedule name. Present only if the scan is triggered by a schedule and populate=schedule is sent in the request" }, "job_id": { "type": "string", "title": "The Job ID. 
Present only if the scan is triggered by a job" } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.scans" } }, "/nebula/v1/endpoints/{id}/scans/{scan_id}/detections": { "get": { "description": "Get a list of detections of a scan of an endpoint.", "summary": "Get the detections of a scan", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "The Id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "scan_id", "required": true, "in": "path", "description": "The Scan_id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "The Since Schema (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "schema": { "type": "string", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "The Get Endpoint By Id Scans By Id Detections Body 200 Schema", "type": "object", "required": [ "detections", "total_count", "next_cursor" ], "properties": { "detections": { "type": "array", "title": "The Threats Schema", "items": { "type": "object", "title": "The Items Schema", "additionalProperties": true, "required": [ "id", "scan_id", "machine_id", "machine_name", "group_id", "detection_id", "scanned_at", "scanned_at_local", "reported_at", "status", "type", "path", "category", "ip_address", "url", "port", "affected_application", "md5", "process_name" ], "properties": { "id": { "type": "string", "title": "The Id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "The Scan_id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The Machine_id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "The Machine_name Schema" }, "group_id": { "type": "string", "title": "The Group_id Schema (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "The Detection_id Schema (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scanned_at": { "type": "string", "title": "The Scanned_at Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_local": { "type": "string", "title": "The Scanned_at_local Schema (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at": { "type": "string", "title": "The Reported_at Schema (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "status": { "type": "string", "title": "The Status Schema" }, "threat_name": { "type": "string", "title": "The Threat_name Schema" }, "type": { "type": "array", "title": "The Type Schema", "items": { "type": "string", "title": "The Items Schema" } }, "path": { "type": "string", "title": "The Path Schema" }, "category": { "type": "string", "title": "The Category Schema" }, "ip_address": { "type": "string", "title": "The Ip_address Schema" }, "url": { "type": "string", "title": "The Url Schema", "examples": [ "https://example.com" ] }, "port": { "type": "string", "title": "The Port Schema" }, "affected_application": { "type": "string", "title": "The Affected_application Schema" }, "md5": { "type": "string", "title": "The Md5 Schema" }, "process_name": { "type": "string", "title": "The Process_name Schema" } } } }, "total_count": { "type": "integer", "title": "The Total_count Schema" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.scans.id.detections" } }, "/nebula/v1/endpoints/{id}/status": { "get": { "description": "Get the status of an endpoint.", "summary": "Endpoint status", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Get Endpoint By Id Status Body 200 Schema", "required": [ "remediation_required", "reboot_required", "suspicious_activity", "isolation", "scan_needed" ], "properties": { "remediation_required": { "type": "object", "title": "Whether this endpoint requires remediation", "required": [ "status", "infection_count" ], "properties": { "status": { "type": "boolean", "title": "True if it's infected" }, "infection_count": { "type": "integer", "title": "Number of threats detected" }, "job_state": { "type": "integer", "title": "State of the last job issued" } } }, "reboot_required": { "type": "object", "title": "The Reboot_required Schema", "required": [ "status", "reasons" ], "properties": { "status": { "type": "boolean", "title": "Status" }, "reasons": { "type": "integer", "title": "Reasons" }, "job_id": { "type": "string", "title": "Job ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_state": { "title": "Job state", "type": "integer" } } }, "suspicious_activity": { "type": "object", "title": "Suspicious activity", "required": [ "status", "count" ], "properties": { "status": { "type": "boolean", "title": "Status" }, "count": { "type": "integer", "title": "Count" } } }, "isolation": { "type": "object", "title": "Isolation", "required": [ "status", "process", "network", "desktop" ], "properties": { "status": { "type": "boolean", "title": "Status" }, "process": { "type": "boolean", "title": "Process" }, "network": { "type": "boolean", "title": "Network" }, "desktop": { "type": "boolean", "title": "Desktop" } } }, "scan_needed": { "type": "object", "title": "Scan needed", "required": [ "status", "job_state" ], "properties": { "status": { "type": "boolean", "title": "Status" }, "job_state": { "type": [ "null", "string" ], "title": "Job state" }, "last_scanned_at": { "type": "string", "title": "Last time scanned at (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.rmm.get.endpoint.id.status" } }, "/nebula/v1/endpoints/{id}/diag-log": { "get": { "description": "Get diagnostic logs of an endpoint.", "summary": "Get diagnostic logs of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get Diagnostic Logs Response", "properties": { "url": { "type": "string", "description": "The URL to download the diagnostic logs" } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.diag-log" } }, "/nebula/v1/endpoints/{id}/quarantine": { "get": { "description": "Get the quarantined items of an endpoint", "summary": "Get quarantined items", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "name", "required": false, "in": "query", "description": "Search with quarantine threat name.", "schema": { "type": "string" } }, { "name": "category", "required": false, "in": "query", "description": "Search with quarantine category.", "schema": { "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Search with quarantine type.", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "Timestamp to filter since quarantine scan times.", "schema": { "type": "string" } }, { "name": "until", "required": false, "in": "query", "description": "Timestamp to filter until quarantine scan times.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The get quarantine response", "description": "Get quarantine for a given machine", "examples": [ { "quarantined_threats": [ { "id": "957fc464-9ee1-473c-8f49-d89d2da1d5d8", "scan_id": "00000000-0000-0000-0000-000000000000", "machine_id": "0ac6eb75-3b3d-49ea-86ea-4349465d32bf", "machine_name": "EndpointDetections", "group_id": "999a0d78-a983-44fc-a302-995cdfb39da3", "detection_id": "1491ac5b-60fc-439c-acd3-4e5e1881337f", "scanned_at": "2020-05-20T13:21:21Z", "scanned_at_local": "2020-05-20T13:21:21Z", "reported_at": "2020-05-20T13:21:23.114719Z", "threat_name": "ransomware.script", "type": [ "file" ], "path": "C:\\Deploy\\RealTime\\ransomware.exe", "category": "arw", "ip_address": "", "url": "", "port": "" } ], "total_count": 1, "next_cursor": "" } ], "required": [ "quarantined_threats", "total_count", "next_cursor" ], "properties": { "quarantined_threats": { "type": "array", "title": "List of quarantined threats", "description": "List of quarantined threats.", "examples": [ [ { "id": 
"957fc464-9ee1-473c-8f49-d89d2da1d5d8", "scan_id": "00000000-0000-0000-0000-000000000000", "machine_id": "0ac6eb75-3b3d-49ea-86ea-4349465d32bf", "machine_name": "EndpointDetections", "group_id": "999a0d78-a983-44fc-a302-995cdfb39da3", "detection_id": "1491ac5b-60fc-439c-acd3-4e5e1881337f", "scanned_at": "2020-05-20T13:21:21Z", "scanned_at_local": "2020-05-20T13:21:21Z", "reported_at": "2020-05-20T13:21:23.114719Z", "threat_name": "ransomware.script", "type": [ "file" ], "path": "C:\\Deploy\\RealTime\\ransomware.exe", "category": "arw", "ip_address": "", "url": "", "port": "" } ] ], "items": { "type": "object", "title": "Get detection by id", "additionalProperties": true, "required": [ "id", "scan_id", "machine_id", "detection_id", "scanned_at", "scanned_at_local", "reported_at", "status", "type", "path", "category" ], "properties": { "id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "Scan ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "Endpoint ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "Machine name" }, "group_id": { "type": "string", "title": "Group ID the endpoint has (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "group_name": { "type": "string", "title": "Group name the endpoint has" }, "policy_id": { "type": "string", "title": "The ID of the policy associated to the machine where this detection happened (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "policy_name": { "type": "string", "title": "Policy name" }, "detection_id": { "type": "string", "title": "Detection id from endpoint" }, "scanned_at": { "type": "string", "title": "Scanned at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_local": { "type": "string", "title": "Scanned at local time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at": { "type": "string", "title": "Detection reported at time (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "status": { "type": "string", "title": "Status" }, "action_taken": { "type": "string", "title": "Action Taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "threat_name": { "type": "string", "title": "Threat name" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Items" } }, "path": { "type": "string", "title": "Path" }, "category": { "type": "string", "title": "Category" }, "ip_address": { "type": "string", "title": "IP address" }, "url": { "type": "string", "title": "Url" }, "port": { "type": "string", "title": "Port" }, "affected_application": { "type": "string", "title": "Affected application" }, "md5": { "type": "string", "title": "Md5" }, "process_name": { "type": "string", "title": "Process name" } } } }, "total_count": { "type": "integer", "title": "Total count of items", "description": "Total count of items", "default": 0, "examples": [ 1 ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.quarantine" } }, "/nebula/v1/endpoints/{id}/sa/{sa_id}/close": { "put": { "description": "Close suspicious activity of an endpoint.", "summary": "Close suspicious activity of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Endpoint ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sa_id", "required": true, "in": "path", "description": "Suspicious activity ID", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.sa.sa_id.close" } }, "/nebula/v1/endpoints/{id}/sa/{sa_id}/open": { "put": { "description": "Open suspicious activity of an endpoint.", "summary": "Open suspicious activity of an endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sa_id", "required": true, "in": "path", "description": "Suspicious activity ID", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.get.endpoint.id.sa.sa_id.open" } }, "/nebula/v1/endpoints/{id}/tags": { "put": { "description": "Set the alias of a machine by its ID. To remove the alias, send an empty string.", "summary": "Set endpoint tags", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Set endpoint tags", "required": [ "alias" ], "properties": { "alias": { "type": "string", "title": "Alias name for the machine. 
Empty string to remove the alias" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Endpoint tags", "required": [ "created_at", "resource_id", "tags" ], "properties": { "created_at": { "type": "string", "title": "When the alias was created" }, "updated_at": { "type": "string", "title": "When the alias was last updated" }, "resource_id": { "type": "string", "title": "Unique identifier for this resource" }, "tags": { "type": "object", "title": "Tags object", "properties": { "alias": { "type": "string", "title": "alias" } } } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.v2.nebula.put.endpoint.id.tags" } }, "/nebula/v1/endpoints/search-groupby": { "post": { "description": "Search endpoints and group the results by one field, optionally computing aggregations over the matching set.", "summary": "Search grouped endpoints", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Endpoints Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "allOf": [ { "type": "object", "title": "Search endpoints request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search by alias, host name or fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, 
"plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search 
to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." 
}, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": 
"vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", 
"title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": 
"boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Specify the number of app block activity" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] 
} }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ], "properties": { "group_by": { "type": "string", "title": "The sort field Schema", "enum": [ "os_info.os_platform", "os_info.os_type", "os_info.os_architecture", "os_info.os_version", "os_info.os_release_name", "engine_version", "policy_etag", "account_id", "group_id", "root_group_id", "policy_id", "machine_ip", "last_user", "object_guid", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "serial_number", "protection_status", "plugins.browser_phishing_protection.plugin_version" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Endpoints Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": [ "object", "string" ], "title": "The 
Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "name": { "type": "string", "title": "The Name Schema" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Endpoints" ], "operationId": "api.nebula.v1.search.endpoints.group" } }, "/nebula/v1/webhooks/subscriptions": { "post": { "description": "Use this API endpoint to create a webhook subscription for a given account. This allows you to receive security events for the provided account.", "summary": "Create subscription", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Webhooks Subscriptions Post Schema", "required": [ "url", "enabled", "events" ], "properties": { "url": { "type": "string", "title": "The URL where you want to receive the webhook notification (Ex. 
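The search-groupby request above has three constraints a client should enforce before sending anything: `group_by` must come from its enum, `page_size` is narrowed to 50..2000 for this operation, and every `*_after`/`*_before` filter must match the ISO-8601 pattern. Results come back in pages joined by an opaque `next_cursor`. The following is an added example, not code from the ThreatDown spec or any vendor SDK; it builds a valid body, pages through results by following `next_cursor`, and collapses the grouped rows into counts. The API host and the bearer scheme for the `authorization` header are assumptions (the page does not state them); the HTTP transport is injected as a callable so the paging logic runs offline against constructed pages.

```python
"""Added example, not code from the ThreatDown spec or any vendor SDK: build a
/nebula/v1/endpoints/search-groupby body that satisfies the schema above, then
page through the results by following next_cursor. Assumptions not on the page:
the API host (placeholder) and a bearer-style authorization header. The HTTP
transport is injected as a callable so the paging logic also runs offline."""
import base64
import json
import re
import urllib.request

BASE_URL = "https://api.example.invalid"  # assumption: the real host is not on the page

# Copied from the spec: group_by enum, date-filter names and the date pattern.
GROUP_BY_FIELDS = frozenset({
    "os_info.os_platform", "os_info.os_type", "os_info.os_architecture", "os_info.os_version",
    "os_info.os_release_name", "engine_version", "policy_etag", "account_id", "group_id",
    "root_group_id", "policy_id", "machine_ip", "last_user", "object_guid", "serial_number",
    "protection_status", "plugins.endpoint_protection.sdk_version",
    "plugins.endpoint_protection.component_package_version",
    "plugins.endpoint_protection.update_package_version",
    "plugins.browser_phishing_protection.plugin_version"})
DATE_FILTERS = frozenset({
    "at_after", "at_before", "last_day_seen_before", "last_day_seen_after", "last_scan_before",
    "last_scan_after", "marked_for_deletion_after", "marked_for_deletion_before",
    "deleted_at_after", "deleted_at_before", "created_at_after", "created_at_before",
    "last_assets_scan_at_after", "last_assets_scan_at_before", "app_block_count_after"})
ISO_DATE = re.compile(
    r"^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]"
    r"([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?"
    r"(([Zz])|([\+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))$")


def build_groupby_request(group_by, page_size=50, filters=None, aggregations=()):
    """Reject client-side what the schema says the server would reject."""
    if group_by not in GROUP_BY_FIELDS:
        raise ValueError(f"group_by not in enum: {group_by}")
    if not 50 <= page_size <= 2000:  # the group_by schema narrows page_size to 50..2000
        raise ValueError("search-groupby page_size must be between 50 and 2000")
    body = {"group_by": group_by, "page_size": page_size}
    for key, value in (filters or {}).items():
        if key in DATE_FILTERS and not ISO_DATE.match(str(value)):
            raise ValueError(f"{key} is not an ISO-8601 timestamp: {value!r}")
        body[key] = value
    if aggregations:
        body["aggregations"] = list(aggregations)
    return body


def encode_cursor(start_index):
    """The spec's example cursor is base64 JSON; real clients must treat it as
    opaque. This builds one of the same shape for the offline fake server."""
    raw = json.dumps({"start_index": start_index}, separators=(",", ":"))
    return base64.b64encode(raw.encode()).decode()


def iter_groups(post, body):
    """Yield every {value, total, name} row. Stops when next_cursor is missing or
    empty, and refuses to follow a cursor the server already handed out."""
    cursor, seen = None, set()
    while True:
        request = dict(body)
        if cursor:
            request["next_cursor"] = cursor
        page = post(request)
        yield from page.get("results", [])
        cursor = page.get("next_cursor")
        if not cursor:
            return
        if cursor in seen:
            raise RuntimeError(f"server repeated cursor {cursor}; aborting to avoid a loop")
        seen.add(cursor)


def totals_by_value(rows):
    """Collapse grouped rows into {group value: endpoint count}."""
    totals = {}
    for row in rows:
        totals[str(row["value"])] = totals.get(str(row["value"]), 0) + int(row["total"])
    return totals


def nebula_post(token, account_id, body):
    """Real transport: authorization and accountid are the headers the spec requires."""
    req = urllib.request.Request(
        BASE_URL + "/nebula/v1/endpoints/search-groupby", data=json.dumps(body).encode(),
        headers={"authorization": f"Bearer {token}",  # bearer scheme is an assumption
                 "accountid": account_id, "content-type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fake_post_from(pages):
    """Offline stand-in for nebula_post: serves constructed pages keyed by cursor."""
    by_cursor = {None: pages[0]}
    for prev, nxt in zip(pages, pages[1:]):
        by_cursor[prev["next_cursor"]] = nxt
    return lambda request: by_cursor[request.get("next_cursor")]


# Constructed two-page response for group_by = protection_status (not real data).
SAMPLE_PAGES = [
    {"results": [{"value": "protected", "total": 120, "name": "protected"},
                 {"value": "unprotected", "total": 3, "name": "unprotected"}],
     "next_cursor": encode_cursor(50)},
    {"results": [{"value": "scan_only", "total": 7, "name": "scan_only"}], "next_cursor": ""},
]
```

To run it against the real service, pass `lambda body: nebula_post(token, account_id, body)` as `post` instead of `fake_post_from(SAMPLE_PAGES)`. The loop guard on repeated cursors matters because a cursor-driven loop that trusts the server unconditionally will spin forever on a stuck page; the cursor itself is still treated as opaque and never decoded or constructed by the client.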
\"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "Description for this subscription" }, "enabled": { "type": "boolean", "title": "Whether this subscription is enabled or not" }, "events": { "type": "array", "title": "The Events you want to subscribe to", "minItems": 1, "items": { "type": "string", "title": "The Items Schema", "enum": [ "all", "detection", "job_status_change", "machine_events", "threat_events", "agent_events", "quarantine_events", "edr_events", "syslog_events", "exclusion_events", "scheduled_events", "policy_events", "user_events", "drive_events", "cve_events", "dns_events", "license_events", "appblock_events", "endpoint_events" ] } }, "custom_headers": { "type": "array", "title": "Custom headers you want to receive", "items": { "type": "object", "title": "The Items Schema", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The key of the header", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The value of the header" } } } }, "max_retries": { "type": "integer", "title": "The max number of times the webhooks should retry upon failures", "default": 10, "exclusiveMinimum": 0, "maximum": 10 }, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Webhooks Subscriptions Post Response Schema", "required": [ "id", "url", "enabled", "events" ], "properties": { "id": { "type": "string", "title": "The unique identifier for this subscription (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "url": { "type": "string", "title": "The URL where you want to receive the webhook notification (Ex. \"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "The Description for this subscription" }, "enabled": { "type": "boolean", "title": "Whether this subscription is enabled or not" }, "events": { "type": "array", "title": "The Events you want to subscribe to", "minItems": 1, "items": { "type": "string", "title": "Event", "enum": [ "detection", "job_status_change" ] } }, "custom_headers": { "type": "array", "title": "Custom headers you want to receive", "items": { "type": "object", "title": "Items", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The key of the header", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The value of the header" } } } }, "max_retries": { "type": "integer", "title": "The maximum number of times the webhooks should retry upon failures", "default": 10, "exclusiveMinimum": 0, "maximum": 10 }, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" }, "client_id": { "type": "string", "title": "client ID", "examples": [ "mwb-cloud-d0ecec48fa24de7706f2a0be2e1b8cf6" ] } } } } } } }, "tags": [ "Webhooks" ], "operationId": "api.v2.nebula.post.webhooks.subscriptions" }, "get": { "description": "Retrieve all webhook subscriptions of your account", "summary": "Get all subscriptions", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_read" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": 
"accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Webhooks' subscriptions", "required": [ "records", "next_cursor" ], "properties": { "records": { "type": "array", "title": "Subscription records", "items": { "type": "object", "title": "List items", "required": [ "id", "url", "enabled", "events" ], "properties": { "id": { "type": "string", "title": "ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "url": { "type": "string", "title": "Url (Ex. \"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "Description" }, "enabled": { "type": "boolean", "title": "Enabled" }, "events": { "type": "array", "title": "Events", "items": { "type": "string", "title": "Event Items" } }, "custom_headers": { "type": "array", "title": "Custom headers", "items": { "type": "object", "title": "Custom headers items", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The header key", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The header value" } } } }, "max_retries": { "type": "integer", "title": "Maximum number of retries event payload is sent to webhook without receiving success response." 
}, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" }, "client_id": { "type": "string", "title": "client ID", "examples": [ "mwb-cloud-d0ecec48fa24de7706f2a0be2e1b8cf6" ] } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Webhooks" ], "operationId": "api.v2.nebula.webhooks.subscriptions.get" } }, "/nebula/v1/webhooks/subscriptions/{id}": { "delete": { "description": "Delete a webhook subscription if you want to stop receiving notifications. If you only want to temporarily disable notifications, update the subscription instead by setting `enabled` to false.", "summary": "Delete subscription", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Webhooks" ], "operationId": "api.v2.nebula.post.webhooks.subscriptions.delete" }, "get": { "description": "Retrieve a subscription by its unique identifier.", "summary": "Get a subscription", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_read" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Webhooks Subscriptions Get Id Schema", "required": [ "id", "url", "enabled", "events" ], "properties": { "id": { "type": "string", "title": "ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "url": { "type": "string", "title": "Url of the webhook. (Ex. 
\"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "Description of the webhook" }, "enabled": { "type": "boolean", "title": "Webhook is enabled" }, "events": { "type": "array", "title": "List of events webhook starts to receive.", "items": { "type": "string", "title": "The Items Schema" } }, "custom_headers": { "type": "array", "title": "Custom headers", "items": { "type": "object", "title": "Custom headers items", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The header key", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The header value" } } } }, "max_retries": { "type": "integer", "title": "Maximum number of retries event payload is sent to webhook without receiving success response.", "default": 10 }, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" }, "client_id": { "type": "string", "title": "client ID", "examples": [ "mwb-cloud-d0ecec48fa24de7706f2a0be2e1b8cf6" ] } } } } } } }, "tags": [ "Webhooks" ], "operationId": "api.v2.nebula.webhooks.subscriptions.get.id" }, "put": { "description": "Update a subscription by its unique identifier.", "summary": "Update a subscription", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Add webhook", "required": [ "url", "enabled", "events" ], "properties": { "url": { "type": "string", "title": "Url of the webhook. (Ex. \"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "Description of the webhook" }, "enabled": { "type": "boolean", "title": "Webhook is enabled" }, "events": { "type": "array", "title": "List of events webhook starts to receive.", "items": { "type": "string", "title": "List items", "enum": [ "all", "detection", "job_status_change", "machine_events", "threat_events", "agent_events", "quarantine_events", "edr_events", "syslog_events", "exclusion_events", "scheduled_events", "policy_events", "user_events", "drive_events", "cve_events", "dns_events", "license_events", "appblock_events", "endpoint_events" ] } }, "custom_headers": { "type": "array", "title": "Custom headers", "items": { "type": "object", "title": "Custom headers items", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The header key", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The header value" } } } }, "max_retries": { "type": "integer", "title": "Maximum number of retries event payload is sent to webhook without receiving success response.", "default": 10 }, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Update webhook", "properties": { "id": { "type": "string", "title": "ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "url": { "type": "string", "title": "URL of the webhook. (Ex. \"https://example.com\")", "pattern": "^https://.{4,}$", "examples": [ "https://example.com" ] }, "description": { "type": "string", "title": "Description of the webhook" }, "enabled": { "type": "boolean", "title": "Webhook is enabled" }, "events": { "type": "array", "title": "List of events webhook starts to receive.", "items": { "type": "string", "title": "List items" } }, "custom_headers": { "type": "array", "title": "Custom headers", "items": { "type": "object", "title": "Custom headers items", "required": [ "key", "value" ], "properties": { "key": { "type": "string", "title": "The header key", "examples": [ "authorization" ] }, "value": { "type": "string", "title": "The header value" } } } }, "max_retries": { "type": "integer", "title": "Maximum number of retries event payload is sent to webhook without receiving success response.", "default": 10 }, "secret_token": { "type": "string", "title": "The signing key used to compute the HMAC of the payload" }, "client_id": { "type": "string", "title": "client ID", "examples": [ "mwb-cloud-d0ecec48fa24de7706f2a0be2e1b8cf6" ] } } } } } } }, "tags": [ "Webhooks" ], "operationId": "api.v2.nebula.post.webhooks.subscriptions.update" } }, "/nebula/v1/installers": { "get": { "description": "Endpoint software can be installed in the following ways:\n\n- Active Directory (AD) Group Policy\n- System Center Configuration Manager (SCCM)\n- Third-party deployment tools\n- Manually on the endpoints\n- Discovery & Deployment Tool\n- Once the installation is complete, the endpoints display in the Nebula console.\n\nTo retrieve account-specific installers, use the following API endpoints. The response includes a download URL for all the available installers. 
These download URLs expire in one hour.\n\nThe available installers are:\n\n| Name | Description |\n|-------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| win_msi | This .msi installation package is lightweight. It includes the 32-bit Endpoint Agent, but does not include the .NET framework or other required software. |\n| x64_msi | This .msi installation package is lightweight. It includes the 64-bit Endpoint Agent, but does not include the .NET framework or other required software. |\n| ea2_arm_msi | This .msi installation package is for Windows ARM devices running Windows 11. It includes the ARM Endpoint Agent and .NET 8 runtime. |\n| ea2_x64_msi | This .msi installation package is for the Endpoint Agent version 2. It includes the 64-bit Endpoint Agent and .NET 8 runtime. |\n| ea2_x86_msi | This .msi installation package is for the Endpoint Agent version 2. It includes the 32-bit Endpoint Agent and .NET 8 runtime. |\n| mac_os | macOS 10.11 El Capitan up to macOS 15 Sequoia. This .pkg installer package includes the Endpoint Agent. |\n\nPlease note: the hash fields are kept so that the response shape does not change; however, they will be empty strings. This is due to a change in installer generation.\nIf you require the installer's hash, check the response header under 'x-amz-meta-x-checksum-sha256'.\nwin_full and win_web have been deprecated but will remain in the response.\n", "summary": "Retrieve installers' links", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get all installers for your managed nebula account", "properties": { "win_msi": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "x64_msi": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "win_web": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "win_full": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. 
Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "mac_os": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "ea2_arm_msi": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "ea2_x64_msi": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } }, "ea2_x86_msi": { "type": "object", "title": "Details about the installer", "properties": { "url": { "type": "string", "title": "The Download URL. 
Will expire after 60 seconds" }, "link": { "type": "string", "title": "Non expirable download links" }, "md5": { "type": "string", "title": "Checksum" }, "sha256": { "type": "string", "title": "Checksum" }, "version": { "type": "string", "title": "The version of this installer" } } } } } } } } }, "tags": [ "Installers" ], "operationId": "api.nebula.get.installers" } }, "/nebula/v1/events": { "get": { "description": "Retrieve events associated with your account.", "summary": "Retrieve events", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "search_string", "required": false, "in": "query", "description": "Search events by event string.", "schema": { "type": "string" } }, { "name": "machine_id", "required": false, "in": "query", "description": "Filter by machine_id", "schema": { "type": "string" } }, { "name": "start", "required": false, "in": "query", "description": "Start timestamp; filter events occurring since this time.", "schema": { "type": "string" } }, { "name": "end", "required": false, "in": "query", "description": "End timestamp; filter events occurring until this time.", "schema": { "type": "string" } }, { "name": "severity_flags", "required": false, "in": "query", "description": "Filter by severity flag", "schema": { "type": "number", "enum": [ 0, 1, 2, 4, 8 ] } }, { "name": "source", "required": false, "in": "query", "description": "Filter by event source", "schema": { "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Collection of events", "required": [ "events", "total_count", "next_cursor" ], "properties": { "events": { "type": "array", "title": "List of events", "items": { "type": "object", "additionalProperties": true, "title": "Event", "properties": { "id": { "type": "string", "title": "ID" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "user_id": { "type": "string", "title": "User ID" }, "source": { "type": [ "integer", "string" ], "title": "Source" }, "source_name": { "type": "string", "title": "Source name" }, "type": { "type": [ "integer", "string" ], "title": "Type" }, "type_name": { "type": "string", "title": "Type name" }, "friendly_type": { "type": "string", "title": "Friendly name of type" }, "severity": { "type": [ "integer", "string" ], "title": "Severity" }, "severity_name": { "type": "string", "title": "Severity name" }, "details": { "type": [ 
"object", "array" ], "additionalProperties": true, "title": "Details", "properties": { "message": { "type": "string", "title": "Message" }, "filename": { "type": "string", "title": "Filename" }, "name": { "type": "string", "title": "Name" }, "user_email": { "type": "string", "title": "User email" }, "user_name": { "type": "string", "title": "User name" }, "user_role": { "type": "string", "title": "User role" } } }, "timestamp": { "type": "string", "title": "Timestamp", "examples": [ "2020-03-10T00:00:18.247444Z" ] } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Events" ], "operationId": "api.nebula.get.events" } }, "/nebula/v1/policies/{id}": { "delete": { "description": "Delete policy.", "summary": "Delete policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Policies" ], "operationId": "api.nebula.delete.policy" }, "get": { "description": "Get policy by id.", "summary": "Get policy by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate", "required": false, "in": "query", "schema": { "type": "string", "pattern": "^(groups|exclusions)([,](groups|exclusions))*$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. 
When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated with the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { 
"type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits 
of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy.id" }, "put": { "description": "Update policy.", "summary": "Update policy", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Put Policy Request", "required": [ "name", "contents", "etag" ], "properties": { "contents": { "type": "object", "additionalProperties": true, "title": "Policy contents", "properties": { "policy": { "type": "object", "additionalProperties": true, "title": "Policy", "examples": [ { "startup_options": { "timeout": "60000", "toggle_on": true }, "sirius_update_schedule": "FREQ=DAILY", "updates": { "pause_until": "2020-04-10T14:55:00+03:00" }, "endpoint_interface_options": { "allow_run_threat_scan": true, "show_threat_scan_shortcuts": true, "limit_endpoint_agent_control": true, "show_tray_icon": "true", "show_windows_contextmenu": true, "display_rtp_events": true }, "endpoint_tamper_protection": { "uninstall_password": "$2a$10$EPD4LGvmr7zGoh7wXb9iUe.l5bikO/UzeayibCu1q/tFNT22ePQOK" }, "protect_service": true } ], "properties": { "updates": { "type": "object", "additionalProperties": true, "title": "Software Updates", "examples": [ { "pause_until": "2020-04-10T14:55:00+03:00" } ], "properties": { "pause_until": { "type": [ "string", "null" ], "title": "While paused, prevents ThreatDown software from updating (Windows Only)", "examples": [ "2020-04-10T14:55:00+03:00" ] } } }, "protect_service": { "type": "boolean", "title": "Prevents ThreatDown services and processes from being stopped (Windows 10 only)", 
"examples": [ true ] }, "startup_options": { "type": "object", "additionalProperties": true, "title": "Allow services additional time to start", "examples": [ { "timeout": "60000", "toggle_on": true } ], "properties": { "timeout": { "type": [ "integer", "string" ], "title": "Adjust the timeout period for all services, in milliseconds. Max 10 min.", "examples": [ 60000 ] }, "toggle_on": { "type": "boolean", "title": "Provide all services with additional time to initiate", "examples": [ false ] } } }, "sirius_update_schedule": { "type": "string", "title": "How often the agent should be updated", "examples": [ "FREQ=DAILY" ] }, "endpoint_interface_options": { "type": "object", "additionalProperties": true, "title": "Endpoint interface options", "examples": [ { "show_windows_contextmenu": true, "display_rtp_events": true, "allow_run_threat_scan": true, "show_threat_scan_shortcuts": true, "limit_endpoint_agent_control": true, "show_tray_icon": "true" } ], "properties": { "show_tray_icon": { "type": [ "string", "boolean" ], "title": "Show Malwarebytes icon in notification area", "examples": [ "true" ] }, "display_rtp_events": { "type": "boolean", "title": "Display real-time protection notifications", "examples": [ true ] }, "allow_run_threat_scan": { "type": "boolean", "title": "Allow users to run a Threat Scan (all threats will be quarantined automatically)", "examples": [ true ] }, "show_windows_contextmenu": { "type": "boolean", "title": "Show ThreatDown option in context menus (Windows only)", "examples": [ true ] }, "show_threat_scan_shortcuts": { "type": "boolean", "title": "Show ThreatDown shortcuts on Start menu and desktop to run Threat Scans (Windows only)", "examples": [ true ] }, "limit_endpoint_agent_control": { "type": "boolean", "title": "Limit endpoint agent control", "description": "Allow only Administrator level users to interact with the ThreatDown Tray (Windows only, not supported in XP or Server 2003)", "examples": [ true ] } } }, 
"endpoint_tamper_protection": { "type": [ "object", "null" ], "additionalProperties": true, "title": "Tamper protection", "examples": [ { "uninstall_password": "$2a$10$EPD4LGvmr7zGoh7wXb9iUe.l5bikO/UzeayibCu1q/tFNT22ePQOK" } ], "properties": { "uninstall_password": { "type": "string", "title": "Encrypted password", "examples": [ "" ] } } } } }, "status": { "type": "string", "title": "Status of the Policy", "examples": [ "ok" ] }, "packages": { "type": "array", "title": "Collection of packages", "default": [], "items": { "type": "object", "additionalProperties": true, "title": "Packages contain Policies for different products", "examples": [ { "sirius_os_packages": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.assetmanager" } ], "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_installs": true, "include_processes": false, "include_memory": true, "include_modules": false, "include_updates": true, "include_drives": true, "include_startups": true } }, "product_name": "Asset Manager", "schema_version": "1.0" }, { "enabled": true, "sirius_os_packages": [ { "sirius_package_name": "epa.win.plugin.edr", "operating_system": "windows" } ], "policy": { "isolation": { "enabled": true, "title_image_path": "https://nebula-retina-mb-qa.eng-dev.mb-internal.com/api/v1/machine/isolation_image/20200310_105756.bmp?amazonaws=1", "text": "Your system has been locked by the IT Department. Please contact the Helpdesk for further information.", "title": "Malware or suspicious application behavior has been detected on this computer." 
}, "log_file_retention_rules": { "max_num_roll_backups": 5, "max_file_size": "125MB" }, "flight_recorder": { "learning_duration": 20, "very_aggressive": true, "enabled_server": true, "rollback": { "window": 48, "enabled": true, "file_size": "20MB", "backup_quota": 30, "file_size_server": "100MB", "backup_folder_server": "C:\\ProgramData\\Malwarebytes Endpoint Agent\\Plugins\\EDRPlugin\\Backup\\" }, "enabled": true, "eagle_url": "" }, "policy_version": 1 }, "product_name": "Endpoint Detection and Response", "schema_version": "1.0" }, { "sirius_os_packages": [ { "operating_system": "mac", "sirius_package_name": "epa.mac.plugin.assetmanager" } ], "policy": { "policy_version": 1, "default_scan_settings": { "include_startups": true, "include_nics": true, "include_installs": true, "include_processes": false, "include_memory": true, "include_modules": false, "include_updates": true, "include_drives": true } }, "product_name": "Mac Asset Manager", "schema_version": "1.0" }, { "policy": { "isolation": { "enabled": false }, "policy_version": 1, "flight_recorder": { "enabled": false, "eagle_url": "", "enabled_server": false, "learning_duration": 20, "network_collection_enabled": false }, "log_file_retention_rules": { "max_file_size": "125MB", "max_file_size_server": "1024MB", "max_num_roll_backups": 5 } }, "enabled": false, "product_name": "Mac Endpoint Detection and Response", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "mac", "sirius_package_name": "epa.mac.plugin.edr" } ] }, { "enabled": true, "policy_version": 1, "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.mbam" } ], "policy": { "self_protect_early_start": true, "usage_stat": true, "application_updates": true, "windows_context_menus": false, "protection_aging": "180", "win_ac": "default", "rtp_settings": { "ransomware": { "enabled": true }, "delay_rtp": true, "exploit": { "enabled": true, "options": { "amp_sp_other": 
true, "java_wmcl": true, "java_aijoip": true, "amp_crg32_media": true, "abp_pmbp_media": true, "amp_mrad_pdf": true, "amp_mrad_browser": true, "amp_sp_pdf": true, "ah_bua_ms": true, "amp_mph_chrome": true, "ah_bua_pdf": true, "ah_ahs_chrome": true, "java_misp": true, "ah_daef_browser": true, "ah_dep_chrome": true, "amp_depb_ms": true, "amp_rrg64_browser": true, "amp_crg32_other": true, "amp_rrg32_media": true, "amp_crg64_media": true, "abp_pmbp_other": true, "abp_mll_media": true, "amp_mph_pdf": true, "amp_mrad_media": true, "amp_rrg32_ms": true, "ah_bua_browser": true, "amp_rrg32_browser": true, "java_mosp": true, "amp_mph_media": true, "ah_dahs_browser": true, "amp_rrg32_other": true, "abp_pmbp_pdf": true, "amp_crg64_other": true, "abp_mll_other": true, "abp_pmbp_browser": true, "amp_rrg64_media": true, "amp_mrad_other": true, "amp_crg32_pdf": true, "amp_depb_media": true, "amp_rrg64_chrome": true, "amp_crg64_pdf": true, "abp_mll_pdf": true, "ah_bua_chrome": true, "amp_depb_pdf": true, "java_mmgp": true, "amp_rrg32_chrome": true, "ah_dep_ms": true, "abp_powmi_ms": true, "amp_depb_chrome": true, "amp_mph_other": false, "abp_mll_chrome": true, "amp_crg64_chrome": true, "amp_mph_ms": true, "abp_povba_ms": true, "amp_sp_chrome": true, "abp_piev_browser": true, "ah_ahs_media": true, "amp_crg32_chrome": true, "ah_dep_media": true, "ah_ahs_pdf": false, "amp_crg64_ms": true, "abp_mll_ms": true, "amp_rrg64_other": true, "amp_depb_browser": true, "amp_depb_other": true, "amp_mrad_chrome": true, "ah_bua_media": false, "amp_mph_browser": true, "abp_pmbp_chrome": true, "java_mmcep": true, "abp_mll_browser": true, "amp_crg64_browser": true, "amp_sp_ms": true, "ah_ahs_browser": true, "ah_ahs_other": true, "ah_dep_other": true, "amp_sp_browser": true, "ah_bua_other": true, "amp_rrg32_pdf": true, "ah_ahs_ms": true, "amp_rrg64_pdf": true, "amp_crg32_browser": true, "ah_diev_browser": true, "amp_sp_media": true, "amp_rrg64_ms": true, "ah_dep_pdf": true, "ah_dep_browser": true, 
"amp_mrad_ms": true, "abp_pmbp_ms": true, "amp_crg32_ms": true }, "protected": [ { "application": "Adobe Acrobat", "default": true, "enabled": true, "file": "acrobat.exe", "type": "FamilyPdfReader" }, { "application": "Adobe Reader", "default": true, "enabled": true, "file": "acrord32.exe", "type": "FamilyPdfReader" }, { "application": "Comodo Dragon", "default": true, "enabled": true, "file": "dragon.exe", "type": "FamilyWebBrowser" }, { "type": "FamilyWebBrowser", "application": "Cyberfox", "default": true, "enabled": true, "file": "cyberfox.exe" }, { "default": true, "enabled": true, "file": "Foxit PhantomPDF.exe", "type": "FamilyPdfReader", "application": "Foxit Phantom" }, { "type": "FamilyPdfReader", "application": "Foxit Phantom", "default": true, "enabled": true, "file": "FoxitPhantomPDF.exe" }, { "application": "Foxit Reader", "default": true, "enabled": true, "file": "foxit reader.exe", "type": "FamilyPdfReader" }, { "default": true, "enabled": true, "file": "icedragon.exe", "type": "FamilyWebBrowser", "application": "IceDragon" }, { "enabled": true, "file": "iexplore.exe", "type": "FamilyWebBrowser", "application": "Internet Explorer (and add-ons)", "default": true }, { "enabled": true, "file": "java.exe", "type": "FamilyJava", "application": "Java", "default": true }, { "default": true, "enabled": true, "file": "javaw.exe", "type": "FamilyJava", "application": "Java" }, { "default": true, "enabled": true, "file": "javaws.exe", "type": "FamilyJava", "application": "Java" }, { "application": "LibreOffice", "default": true, "enabled": true, "file": "soffice.bin", "type": "FamilyOffice" }, { "application": "Maxthon", "default": true, "enabled": true, "file": "maxthon.exe", "type": "FamilyWebBrowser" }, { "enabled": true, "file": "MicrosoftEdge.exe", "type": "FamilyWebBrowser", "application": "Microsoft Edge (and add-ons)", "default": true }, { "application": "Microsoft Office Excel", "default": true, "enabled": true, "file": "excel.exe", "type": 
"FamilyOffice" }, { "default": true, "enabled": true, "file": "powerpnt.exe", "type": "FamilyOffice", "application": "Microsoft Office PowerPoint" }, { "type": "FamilyOffice", "application": "Microsoft Office Publisher", "default": true, "enabled": true, "file": "mspub.exe" }, { "type": "FamilyOffice", "application": "Microsoft Office Word", "default": true, "enabled": true, "file": "winword.exe" }, { "type": "FamilyWebBrowser", "application": "Mozilla Firefox (and add-ons)", "default": true, "enabled": true, "file": "firefox.exe" }, { "enabled": true, "file": "opera.exe", "type": "FamilyWebBrowser", "application": "Opera (and plug-ins)", "default": true }, { "enabled": true, "file": "palemoon.exe", "type": "FamilyWebBrowser", "application": "Palemoon", "default": true }, { "application": "QuickTime Player", "default": true, "enabled": true, "file": "quicktimeplayer.exe", "type": "FamilyMultimedia" }, { "enabled": true, "file": "seamonkey.exe", "type": "FamilyWebBrowser", "application": "Seamonkey", "default": true }, { "enabled": true, "file": "tor.exe", "type": "FamilyWebBrowser", "application": "Tor Browser", "default": true }, { "enabled": true, "file": "vlc.exe", "type": "FamilyMultimedia", "application": "VLC Player", "default": true }, { "type": "FamilyWebBrowser", "application": "Waterfox", "default": true, "enabled": true, "file": "waterfox.exe" }, { "application": "Winamp Player", "default": true, "enabled": true, "file": "winamp.exe", "type": "FamilyMultimedia" }, { "type": "FamilyMultimedia", "application": "Windows Media Player (mplayer2)", "default": true, "enabled": true, "file": "mplayer2.exe" }, { "default": true, "enabled": true, "file": "wmplayer.exe", "type": "FamilyMultimedia", "application": "Windows Media Player (wmplayer)" } ] }, "malware": { "enabled": true }, "web": { "enabled": true }, "display_rtp_notifications": true, "delay_seconds": "30" }, "protection_update_enabled": true, "auto_service_updates": true, "self_protection": true, 
"default_scan_settings": { "no_reboot": false, "no_archive": false, "reboot_message": "In order to completely quarantine the detected threat(s), your computer must be restarted.", "enable_shuriken": true, "ark": true, "scan_priority": "low", "reboot_delay_rrule": "FREQ=HOURLY;INTERVAL=2;COUNT=1", "pup_detection": "Detect", "allow_postpone_reboot": true, "reboot_delay": 60, "pum_detection": "Detect" }, "install_settings": { "start_menu": true, "program_folder": null, "desktop_shortcut": true }, "protection_update_schedule": "FREQ=HOURLY;INTERVAL=2", "monitoring_options": { "enabled": false } }, "product_name": "Endpoint Protection" }, { "policy": { "policy_version": 1, "rtp_settings": { "app_block": { "enabled": true }, "malware": { "enabled": true } }, "default_scan_settings": { "reboot_delay_rrule": "FREQ=HOURLY;INTERVAL=2;COUNT=1", "no_reboot": false, "pup_detection": "Detect", "allow_postpone_reboot": true, "reboot_message": "In order to completely quarantine the detected threat(s),your computer must be restarted." 
} }, "product_name": "Mac Endpoint Protection", "schema_version": "1.0", "enabled": true, "sirius_os_packages": [ { "sirius_package_name": "epa.mac.plugin.epp", "operating_system": "mac" } ] }, { "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_drives": false, "include_memory": false, "include_installs": true, "include_startups": true } }, "enabled": true, "product_name": "Chrome OS Asset Manager", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "chromeos", "sirius_package_name": "epa.chromeos.plugin.assetmanager" } ] }, { "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_drives": true, "include_memory": true, "include_installs": false, "include_startups": false } }, "enabled": true, "product_name": "Linux Asset Manager", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "linux", "sirius_package_name": "epa.linux.plugin.assetmanager" } ] }, { "policy": { "action": "BLOCK", "policy_version": 1, "minutes_to_block": 5, "protected_protocols": [ { "name": "FTP", "ports": [ 21 ], "enabled": false }, { "name": "RDP", "ports": [], "enabled": false } ], "allowed_failed_attempts": 5, "exclude_private_networks": false, "minutes_between_failed_attempts": 5 }, "enabled": false, "product_name": "Windows Remote Intrusion Detection and Prevention", "schema_version": "1.0", "sirius_os_packages": [ { "min_os_version": "6.1", "operating_system": "windows", "sirius_package_name": "epa.win.plugin.bfp" } ] }, { "policy": { "rtp_settings": { "malware": { "enabled": true } }, "policy_version": 1 }, "enabled": true, "product_name": "Linux Endpoint Protection", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "linux", "sirius_package_name": "epa.linux.plugin.epp" } ] }, { "policy": { "rtp_settings": { "web": { "enabled": true }, "malware": { "enabled": true }, "ransomware": { "enabled": true } }, "policy_version": 1, "default_scan_settings": { 
"scan_after_reboot": false, "scan_after_update": true }, "protection_update_schedule": "FREQ=HOURLY;INTERVAL=1" }, "enabled": true, "product_name": "Chrome OS Endpoint Protection", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "chromeos", "sirius_package_name": "epa.chromeos.plugin.epp" } ] } ], "properties": { "policy": { "type": "object", "additionalProperties": true, "title": "Policy for a product, see examples of Policies for different products.", "properties": { "protected_protocols": { "type": "array", "additionalProperties": true, "title": "Protected Protocols", "examples": [ { "name": "RDP", "ports": [ 3389 ], "enabled": true } ], "items": { "type": "object", "additionalProperties": true, "title": "Items of protected protocols.", "properties": { "name": { "type": "string", "title": "Protocol Name", "examples": [ "RDP", "FTP", "IMAP", "MSSQL", "POP3", "SMTP", "SSH" ], "enum": [ "RDP", "FTP", "IMAP", "MSSQL", "POP3", "SMTP", "SSH" ] }, "ports": { "type": "array", "title": "Protected Protocol Ports", "description": "1-65535", "examples": [ [ 3389, 1433, 21 ] ], "items": { "type": "integer", "minimum": 1, "maximum": 65535 } }, "enabled": { "title": "Enable Protected Protocol", "type": "boolean", "default": false, "examples": [ true, false ] } } } } } }, "product_name": { "type": "string", "title": "Name of the product", "examples": [ "Asset Manager" ] }, "schema_version": { "type": "string", "title": "Version of the schema", "examples": [ "1.0" ] }, "sirius_os_packages": { "type": "array", "title": "Defines the package and OS for updates.", "items": { "type": "object", "additionalProperties": true, "title": "Items of OS packages.", "examples": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.assetmanager" } ], "properties": { "operating_system": { "type": "string", "title": "Specify operating system", "examples": [ "windows" ] }, "sirius_package_name": { "type": "string", "title": "Package name", "examples": [ 
"epa.win.plugin.assetmanager" ] } } } } } } }, "schema_version": { "type": "string", "title": "Version of the Policy schema", "examples": [ "1.0" ] } } }, "name": { "type": "string", "title": "The name for this policy" }, "etag": { "type": "string", "title": "Etag of this policy", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property." } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated with the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": 
{ "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, 
"malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.put.policy" } }, "/nebula/v1/policies/{id}/isolation_image": { "delete": { "description": "Delete policy isolation image.", "summary": "Delete policy isolation image", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Policies" ], "operationId": "api.nebula.delete.policy.isolation_image.id" }, "get": { "description": "Get policy isolation image by id.", "summary": "Get policy isolation image by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Response of isolation image request", "properties": { "url": { "type": "string", "title": "Url of the isolation image attached to the policy" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy.isolation_image.id" }, "post": { "description": "This route allows you to add an icon to display on the custom message screen.\n\nOther routes in this API accept `Content-Type: application/json`.\n\nThis route is meant for file uploads and expects the request following `Content-Type: multipart/form-data` structure.\n\nTechnically it is _form upload_ and the field for linking a file is called `metadata`.\n\nFile Requirements:\n\nFILE TYPE: BMP\nOPTIMAL FILE SIZE: 150PX BY 150PX\nFILE SIZE: 2MB (maximum)\n\nExample usage:\n\ncurl --location --request POST 'https://cloud.malwarebytes.com/api/v2/rmm/accounts//policies//isolation_image' \\\n--header 'Authorization: Bearer ' \\\n--header 'Content-Type: multipart/form-data;' \\\n--form 'metadata=@'\n", "summary": "Add isolation image", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", 
"title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated with the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.post.policy.isolation_image.id" } }, "/nebula/v1/policies": { "get": { "description": "Get all policies.", "summary": "Get all policies", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Response of policies", "required": [ "policies", "total_count" ], "properties": { "policies": { "type": "array", "title": "Collection of policies", "items": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated with the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": 
{ "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, 
"malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } }, "total_count": { "type": "integer", "title": "Count of policies" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy" }, "post": { "description": "Create policy.", "summary": "Create policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create policy", "required": [ "name", "contents" ], "additionalProperties": true, "properties": { "name": { "type": "string", "title": "Name for this policy" }, "contents": { "type": "object", "additionalProperties": true, "title": "Policy contents", "properties": { "policy": { "type": "object", "additionalProperties": true, "title": "Policy", "examples": [ { "startup_options": { "timeout": "60000", "toggle_on": true }, "sirius_update_schedule": "FREQ=DAILY", "updates": { "pause_until": "2020-04-10T14:55:00+03:00" }, "endpoint_interface_options": { "allow_run_threat_scan": true, "show_threat_scan_shortcuts": true, "limit_endpoint_agent_control": true, "show_tray_icon": "true", "show_windows_contextmenu": true, "display_rtp_events": true }, "endpoint_tamper_protection": { "uninstall_password": "$2a$10$EPD4LGvmr7zGoh7wXb9iUe.l5bikO/UzeayibCu1q/tFNT22ePQOK" }, "protect_service": true } ], "properties": { "updates": { "type": "object", "additionalProperties": true, "title": "Software Updates", "examples": [ { "pause_until": "2020-04-10T14:55:00+03:00" } ], "properties": { "pause_until": { "type": [ "string", "null" ], "title": "While paused, prevents ThreatDown software from updating (Windows Only)", "examples": [ "2020-04-10T14:55:00+03:00" ] } } }, "protect_service": { "type": "boolean", "title": "Prevents ThreatDown services and processes from being stopped (Windows 10 only)", "examples": [ true ] }, "startup_options": { "type": "object", "additionalProperties": true, "title": "Allow services additional time to start", "examples": [ { "timeout": "60000", "toggle_on": true } ], "properties": { "timeout": { "type": [ "integer", "string" ], "title": "Adjust the timeout period for all services, milliseconds. 
Max 10min.", "examples": [ 60000 ] }, "toggle_on": { "type": "boolean", "title": "Provide all services with additional time to initiate", "examples": [ false ] } } }, "sirius_update_schedule": { "type": "string", "title": "How often agent should be updated", "examples": [ "FREQ=DAILY" ] }, "endpoint_interface_options": { "type": "object", "additionalProperties": true, "title": "Endpoint interface options", "examples": [ { "show_windows_contextmenu": true, "display_rtp_events": true, "allow_run_threat_scan": true, "show_threat_scan_shortcuts": true, "limit_endpoint_agent_control": true, "show_tray_icon": "true" } ], "properties": { "show_tray_icon": { "type": [ "string", "boolean" ], "title": "Show Malwarebytes icon in notification area", "examples": [ "true" ] }, "display_rtp_events": { "type": "boolean", "title": "Display real-time protection notifications", "examples": [ true ] }, "allow_run_threat_scan": { "type": "boolean", "title": "Allow users to run a Threat Scan (all threats will be quarantined automatically)", "examples": [ true ] }, "show_windows_contextmenu": { "type": "boolean", "title": "Show ThreatDown option in context menus (Windows only)", "examples": [ true ] }, "show_threat_scan_shortcuts": { "type": "boolean", "title": "Show ThreatDown shortcuts on Start menu and desktop to run Threat Scans (Windows only)", "examples": [ true ] }, "limit_endpoint_agent_control": { "type": "boolean", "title": "The Limit_endpoint_agent_control Schema", "description": "Allow only Administrator level users to interact with the ThreatDown Tray (Windows only, not supported in XP or Server 2003)", "examples": [ true ] } } }, "endpoint_tamper_protection": { "type": [ "object", "null" ], "additionalProperties": true, "title": "Tamper protection", "examples": [ { "uninstall_password": "$2a$10$EPD4LGvmr7zGoh7wXb9iUe.l5bikO/UzeayibCu1q/tFNT22ePQOK" } ], "properties": { "uninstall_password": { "type": "string", "title": "Encrypted password", "examples": [ "" ] } } } } }, 
"status": { "type": "string", "title": "Status of the Policy", "examples": [ "ok" ] }, "packages": { "type": "array", "title": "Collection of packages", "default": [], "items": { "type": "object", "additionalProperties": true, "title": "Packages contain Policies for different products", "examples": [ { "sirius_os_packages": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.assetmanager" } ], "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_installs": true, "include_processes": false, "include_memory": true, "include_modules": false, "include_updates": true, "include_drives": true, "include_startups": true } }, "product_name": "Asset Manager", "schema_version": "1.0" }, { "enabled": true, "sirius_os_packages": [ { "sirius_package_name": "epa.win.plugin.edr", "operating_system": "windows" } ], "policy": { "isolation": { "enabled": true, "title_image_path": "https://nebula-retina-mb-qa.eng-dev.mb-internal.com/api/v1/machine/isolation_image/20200310_105756.bmp?amazonaws=1", "text": "Your system has been locked by the IT Department. Please contact the Helpdesk for further information.", "title": "Malware or suspicious application behavior has been detected on this computer." 
}, "log_file_retention_rules": { "max_num_roll_backups": 5, "max_file_size": "125MB" }, "flight_recorder": { "learning_duration": 20, "very_aggressive": true, "enabled_server": true, "rollback": { "window": 48, "enabled": true, "file_size": "20MB", "backup_quota": 30, "file_size_server": "100MB", "backup_folder_server": "C:\\ProgramData\\Malwarebytes Endpoint Agent\\Plugins\\EDRPlugin\\Backup\\" }, "enabled": true, "eagle_url": "" }, "policy_version": 1 }, "product_name": "Endpoint Detection and Response", "schema_version": "1.0" }, { "sirius_os_packages": [ { "operating_system": "mac", "sirius_package_name": "epa.mac.plugin.assetmanager" } ], "policy": { "policy_version": 1, "default_scan_settings": { "include_startups": true, "include_nics": true, "include_installs": true, "include_processes": false, "include_memory": true, "include_modules": false, "include_updates": true, "include_drives": true } }, "product_name": "Mac Asset Manager", "schema_version": "1.0" }, { "policy": { "isolation": { "enabled": false }, "policy_version": 1, "flight_recorder": { "enabled": false, "eagle_url": "", "enabled_server": false, "learning_duration": 20, "network_collection_enabled": false }, "log_file_retention_rules": { "max_file_size": "125MB", "max_file_size_server": "1024MB", "max_num_roll_backups": 5 } }, "enabled": false, "product_name": "Mac Endpoint Detection and Response", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "mac", "sirius_package_name": "epa.mac.plugin.edr" } ] }, { "enabled": true, "policy_version": 1, "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.mbam" } ], "policy": { "self_protect_early_start": true, "usage_stat": true, "application_updates": true, "windows_context_menus": false, "protection_aging": "180", "win_ac": "default", "rtp_settings": { "ransomware": { "enabled": true }, "delay_rtp": true, "exploit": { "enabled": true, "options": { "amp_sp_other": 
true, "java_wmcl": true, "java_aijoip": true, "amp_crg32_media": true, "abp_pmbp_media": true, "amp_mrad_pdf": true, "amp_mrad_browser": true, "amp_sp_pdf": true, "ah_bua_ms": true, "amp_mph_chrome": true, "ah_bua_pdf": true, "ah_ahs_chrome": true, "java_misp": true, "ah_daef_browser": true, "ah_dep_chrome": true, "amp_depb_ms": true, "amp_rrg64_browser": true, "amp_crg32_other": true, "amp_rrg32_media": true, "amp_crg64_media": true, "abp_pmbp_other": true, "abp_mll_media": true, "amp_mph_pdf": true, "amp_mrad_media": true, "amp_rrg32_ms": true, "ah_bua_browser": true, "amp_rrg32_browser": true, "java_mosp": true, "amp_mph_media": true, "ah_dahs_browser": true, "amp_rrg32_other": true, "abp_pmbp_pdf": true, "amp_crg64_other": true, "abp_mll_other": true, "abp_pmbp_browser": true, "amp_rrg64_media": true, "amp_mrad_other": true, "amp_crg32_pdf": true, "amp_depb_media": true, "amp_rrg64_chrome": true, "amp_crg64_pdf": true, "abp_mll_pdf": true, "ah_bua_chrome": true, "amp_depb_pdf": true, "java_mmgp": true, "amp_rrg32_chrome": true, "ah_dep_ms": true, "abp_powmi_ms": true, "amp_depb_chrome": true, "amp_mph_other": false, "abp_mll_chrome": true, "amp_crg64_chrome": true, "amp_mph_ms": true, "abp_povba_ms": true, "amp_sp_chrome": true, "abp_piev_browser": true, "ah_ahs_media": true, "amp_crg32_chrome": true, "ah_dep_media": true, "ah_ahs_pdf": false, "amp_crg64_ms": true, "abp_mll_ms": true, "amp_rrg64_other": true, "amp_depb_browser": true, "amp_depb_other": true, "amp_mrad_chrome": true, "ah_bua_media": false, "amp_mph_browser": true, "abp_pmbp_chrome": true, "java_mmcep": true, "abp_mll_browser": true, "amp_crg64_browser": true, "amp_sp_ms": true, "ah_ahs_browser": true, "ah_ahs_other": true, "ah_dep_other": true, "amp_sp_browser": true, "ah_bua_other": true, "amp_rrg32_pdf": true, "ah_ahs_ms": true, "amp_rrg64_pdf": true, "amp_crg32_browser": true, "ah_diev_browser": true, "amp_sp_media": true, "amp_rrg64_ms": true, "ah_dep_pdf": true, "ah_dep_browser": true, 
"amp_mrad_ms": true, "abp_pmbp_ms": true, "amp_crg32_ms": true }, "protected": [ { "application": "Adobe Acrobat", "default": true, "enabled": true, "file": "acrobat.exe", "type": "FamilyPdfReader" }, { "application": "Adobe Reader", "default": true, "enabled": true, "file": "acrord32.exe", "type": "FamilyPdfReader" }, { "application": "Comodo Dragon", "default": true, "enabled": true, "file": "dragon.exe", "type": "FamilyWebBrowser" }, { "type": "FamilyWebBrowser", "application": "Cyberfox", "default": true, "enabled": true, "file": "cyberfox.exe" }, { "default": true, "enabled": true, "file": "Foxit PhantomPDF.exe", "type": "FamilyPdfReader", "application": "Foxit Phantom" }, { "type": "FamilyPdfReader", "application": "Foxit Phantom", "default": true, "enabled": true, "file": "FoxitPhantomPDF.exe" }, { "application": "Foxit Reader", "default": true, "enabled": true, "file": "foxit reader.exe", "type": "FamilyPdfReader" }, { "default": true, "enabled": true, "file": "icedragon.exe", "type": "FamilyWebBrowser", "application": "IceDragon" }, { "enabled": true, "file": "iexplore.exe", "type": "FamilyWebBrowser", "application": "Internet Explorer (and add-ons)", "default": true }, { "enabled": true, "file": "java.exe", "type": "FamilyJava", "application": "Java", "default": true }, { "default": true, "enabled": true, "file": "javaw.exe", "type": "FamilyJava", "application": "Java" }, { "default": true, "enabled": true, "file": "javaws.exe", "type": "FamilyJava", "application": "Java" }, { "application": "LibreOffice", "default": true, "enabled": true, "file": "soffice.bin", "type": "FamilyOffice" }, { "application": "Maxthon", "default": true, "enabled": true, "file": "maxthon.exe", "type": "FamilyWebBrowser" }, { "enabled": true, "file": "MicrosoftEdge.exe", "type": "FamilyWebBrowser", "application": "Microsoft Edge (and add-ons)", "default": true }, { "application": "Microsoft Office Excel", "default": true, "enabled": true, "file": "excel.exe", "type": 
"FamilyOffice" }, { "default": true, "enabled": true, "file": "powerpnt.exe", "type": "FamilyOffice", "application": "Microsoft Office PowerPoint" }, { "type": "FamilyOffice", "application": "Microsoft Office Publisher", "default": true, "enabled": true, "file": "mspub.exe" }, { "type": "FamilyOffice", "application": "Microsoft Office Word", "default": true, "enabled": true, "file": "winword.exe" }, { "type": "FamilyWebBrowser", "application": "Mozilla Firefox (and add-ons)", "default": true, "enabled": true, "file": "firefox.exe" }, { "enabled": true, "file": "opera.exe", "type": "FamilyWebBrowser", "application": "Opera (and plug-ins)", "default": true }, { "enabled": true, "file": "palemoon.exe", "type": "FamilyWebBrowser", "application": "Palemoon", "default": true }, { "application": "QuickTime Player", "default": true, "enabled": true, "file": "quicktimeplayer.exe", "type": "FamilyMultimedia" }, { "enabled": true, "file": "seamonkey.exe", "type": "FamilyWebBrowser", "application": "Seamonkey", "default": true }, { "enabled": true, "file": "tor.exe", "type": "FamilyWebBrowser", "application": "Tor Browser", "default": true }, { "enabled": true, "file": "vlc.exe", "type": "FamilyMultimedia", "application": "VLC Player", "default": true }, { "type": "FamilyWebBrowser", "application": "Waterfox", "default": true, "enabled": true, "file": "waterfox.exe" }, { "application": "Winamp Player", "default": true, "enabled": true, "file": "winamp.exe", "type": "FamilyMultimedia" }, { "type": "FamilyMultimedia", "application": "Windows Media Player (mplayer2)", "default": true, "enabled": true, "file": "mplayer2.exe" }, { "default": true, "enabled": true, "file": "wmplayer.exe", "type": "FamilyMultimedia", "application": "Windows Media Player (wmplayer)" } ] }, "malware": { "enabled": true }, "web": { "enabled": true }, "display_rtp_notifications": true, "delay_seconds": "30" }, "protection_update_enabled": true, "auto_service_updates": true, "self_protection": true, 
"default_scan_settings": { "no_reboot": false, "no_archive": false, "reboot_message": "In order to completely quarantine the detected threat(s), your computer must be restarted.", "enable_shuriken": true, "ark": true, "scan_priority": "low", "reboot_delay_rrule": "FREQ=HOURLY;INTERVAL=2;COUNT=1", "pup_detection": "Detect", "allow_postpone_reboot": true, "reboot_delay": 60, "pum_detection": "Detect" }, "install_settings": { "start_menu": true, "program_folder": null, "desktop_shortcut": true }, "protection_update_schedule": "FREQ=HOURLY;INTERVAL=2", "monitoring_options": { "enabled": false } }, "product_name": "Endpoint Protection" }, { "policy": { "policy_version": 1, "rtp_settings": { "app_block": { "enabled": true }, "malware": { "enabled": true } }, "default_scan_settings": { "reboot_delay_rrule": "FREQ=HOURLY;INTERVAL=2;COUNT=1", "no_reboot": false, "pup_detection": "Detect", "allow_postpone_reboot": true, "reboot_message": "In order to completely quarantine the detected threat(s),your computer must be restarted." 
} }, "product_name": "Mac Endpoint Protection", "schema_version": "1.0", "enabled": true, "sirius_os_packages": [ { "sirius_package_name": "epa.mac.plugin.epp", "operating_system": "mac" } ] }, { "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_drives": false, "include_memory": false, "include_installs": true, "include_startups": true } }, "enabled": true, "product_name": "Chrome OS Asset Manager", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "chromeos", "sirius_package_name": "epa.chromeos.plugin.assetmanager" } ] }, { "policy": { "policy_version": 1, "default_scan_settings": { "include_nics": true, "include_drives": true, "include_memory": true, "include_installs": false, "include_startups": false } }, "enabled": true, "product_name": "Linux Asset Manager", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "linux", "sirius_package_name": "epa.linux.plugin.assetmanager" } ] }, { "policy": { "action": "BLOCK", "policy_version": 1, "minutes_to_block": 5, "protected_protocols": [ { "name": "FTP", "ports": [ 21 ], "enabled": false }, { "name": "RDP", "ports": [], "enabled": false } ], "allowed_failed_attempts": 5, "exclude_private_networks": false, "minutes_between_failed_attempts": 5 }, "enabled": false, "product_name": "Windows Remote Intrusion Detection and Prevention", "schema_version": "1.0", "sirius_os_packages": [ { "min_os_version": "6.1", "operating_system": "windows", "sirius_package_name": "epa.win.plugin.bfp" } ] }, { "policy": { "rtp_settings": { "malware": { "enabled": true } }, "policy_version": 1 }, "enabled": true, "product_name": "Linux Endpoint Protection", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "linux", "sirius_package_name": "epa.linux.plugin.epp" } ] }, { "policy": { "rtp_settings": { "web": { "enabled": true }, "malware": { "enabled": true }, "ransomware": { "enabled": true } }, "policy_version": 1, "default_scan_settings": { 
"scan_after_reboot": false, "scan_after_update": true }, "protection_update_schedule": "FREQ=HOURLY;INTERVAL=1" }, "enabled": true, "product_name": "Chrome OS Endpoint Protection", "schema_version": "1.0", "sirius_os_packages": [ { "operating_system": "chromeos", "sirius_package_name": "epa.chromeos.plugin.epp" } ] } ], "properties": { "policy": { "type": "object", "additionalProperties": true, "title": "Policy for a product, see examples of Policies for different products.", "properties": { "protected_protocols": { "type": "array", "additionalProperties": true, "title": "Protected Protocols", "examples": [ { "name": "RDP", "ports": [ 3389 ], "enabled": true } ], "items": { "type": "object", "additionalProperties": true, "title": "Items of protected protocols.", "properties": { "name": { "type": "string", "title": "Protocol Name", "examples": [ "RDP", "FTP", "IMAP", "MSSQL", "POP3", "SMTP", "SSH" ], "enum": [ "RDP", "FTP", "IMAP", "MSSQL", "POP3", "SMTP", "SSH" ] }, "ports": { "type": "array", "title": "Protected Protocol Ports", "description": "1-65535", "examples": [ [ 3389, 1433, 21 ] ], "items": { "type": "integer", "minimum": 1, "maximum": 65535 } }, "enabled": { "title": "Enable Protected Protocol", "type": "boolean", "default": false, "examples": [ true, false ] } } } } } }, "product_name": { "type": "string", "title": "Name of the product", "examples": [ "Asset Manager" ] }, "schema_version": { "type": "string", "title": "Version of the schema", "examples": [ "1.0" ] }, "sirius_os_packages": { "type": "array", "title": "Defines the package and OS for updates.", "items": { "type": "object", "additionalProperties": true, "title": "Items of OS packages.", "examples": [ { "operating_system": "windows", "sirius_package_name": "epa.win.plugin.assetmanager" } ], "properties": { "operating_system": { "type": "string", "title": "Specify operating system", "examples": [ "windows" ] }, "sirius_package_name": { "type": "string", "title": "Package name", "examples": [ 
"epa.win.plugin.assetmanager" ] } } } } } } }, "schema_version": { "type": "string", "title": "Version of the Policy schema", "examples": [ "1.0" ] } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": 
"The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated with the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.post.policy" } }, "/nebula/v1/policies/{id}/auto_isolation": { "get": { "description": "Get policy auto-isolation options by policy ID", "summary": "Get policy auto-isolation", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "policy auto-isolation settings", "description": "Policy auto-isolation settings payload specification", "type": "object", "properties": { "host_type": { "type": "integer", "description": "Bitmask representing 'workstation (1)' and 'servers (2)'. Use 3 for all the host_types (1+2=3)", "enum": [ 0, 1, 2, 3 ] }, "platform": { "type": "integer", "description": "Bitmask representing 'windows (1)', 'macOS (2)', 'linux (4)'. Use 7 for all the platforms (1+2+4=7)", "enum": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "isolation_type": { "type": "object", "properties": { "network": { "type": "boolean" }, "process": { "type": "boolean" }, "desktop": { "type": "boolean" } }, "required": [ "network", "process", "desktop" ], "anyOf": [ { "properties": { "network": { "const": true } } }, { "properties": { "process": { "const": true } } }, { "properties": { "desktop": { "const": true } } } ] } }, "required": [ "host_type", "platform", "isolation_type" ] } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy.auto_isolation" }, "post": { "description": "Set policy auto-isolation options by policy ID", "summary": "Set policy auto-isolation", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "policy auto-isolation settings", "description": "Policy auto-isolation settings payload specification", "type": "object", "properties": { "host_type": { "type": "integer", "description": "Bitmask representing 'workstation (1)' and 'servers (2)'. Use 3 for all the host_types (1+2=3)", "enum": [ 0, 1, 2, 3 ] }, "platform": { "type": "integer", "description": "Bitmask representing 'windows (1)', 'macOS (2)', 'linux (4)'. Use 7 for all the platforms (1+2+4=7)", "enum": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "isolation_type": { "type": "object", "properties": { "network": { "type": "boolean" }, "process": { "type": "boolean" }, "desktop": { "type": "boolean" } }, "required": [ "network", "process", "desktop" ], "anyOf": [ { "properties": { "network": { "const": true } } }, { "properties": { "process": { "const": true } } }, { "properties": { "desktop": { "const": true } } } ] } }, "required": [ "host_type", "platform", "isolation_type" ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "policy auto-isolation settings", "description": "Policy auto-isolation settings payload specification", "type": "object", "properties": { "host_type": { "type": "integer", "description": "Bitmask representing 'workstation (1)' and 'servers (2)'. 
Use 3 for all the host_types (1+2=3)", "enum": [ 0, 1, 2, 3 ] }, "platform": { "type": "integer", "description": "Bitmask representing 'windows (1)', 'macOS (2)', 'linux (4)'. Use 7 for all the platforms (1+2+4=7)", "enum": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "isolation_type": { "type": "object", "properties": { "network": { "type": "boolean" }, "process": { "type": "boolean" }, "desktop": { "type": "boolean" } }, "required": [ "network", "process", "desktop" ], "anyOf": [ { "properties": { "network": { "const": true } } }, { "properties": { "process": { "const": true } } }, { "properties": { "desktop": { "const": true } } } ] } }, "required": [ "host_type", "platform", "isolation_type" ] } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.post.policy.auto_isolation" } }, "/nebula/v1/policies/{id}/secret": { "get": { "description": "Get policy tamper protection password. The response contains the secret itself (not the `secret_hash` returned on the policy object) and the endpoint only requires the `read` scope, so read-only API credentials for an account can recover its tamper protection password and must be protected accordingly.", "summary": "Get policy tamper protection password", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Policy ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Response of policy tamper protection secret", "properties": { "secret": { "type": "string", "title": "Secret of policy tamper protection" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy.secret.id" }, "post": { "description": "Set policy tamper protection password.", "summary": "Set policy tamper protection password", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Policy ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Change Secret", "required": [ "secret" ], "properties": { "secret": { "type": "string", "title": "New tamper protection secret for the policy" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Response of policy tamper protection secret", "properties": { "secret": { "type": "string", "title": "Secret of policy tamper protection" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.post.policy.secret.id" } }, "/nebula/v1/policies/system_default": { "get": { "description": "Get system default policy.", "summary": "Get system default policy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. 
Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, 
"root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied 
to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.get.policy.system_default" } }, "/nebula/v1/policies/{source_id}/clone": { "post": { "description": "Clone policy by id of an existing policy.", "summary": "Clone policy", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "source_id", "required": true, "in": "path", "description": "ID of the policy to be cloned (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Clone policy", "required": [ "name" ], "properties": { "name": { "type": "string", "title": "Name for the cloned policy." }, "include_policy_exclusions": { "type": "boolean", "title": "Set to true for including exclusions. 
Defaults to false.", "default": false } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, 
"machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.post.policy.clone" } }, "/nebula/v1/policies/{id}/promote": { "put": { "description": "Promote policy.", "summary": "Promote policy", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Policy", "properties": { "id": { "type": "string", "title": "Id", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "title": "Account id", "examples": [ "1b8d7513-3336-45fe-8d6f-db43bc9c9613" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a policy. When updating, you need to fetch the latest value by GETting a policy. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "4d3ae3923cca7cf30bd712f4d8188bb9" ] }, "name": { "type": "string", "title": "Name", "examples": [ "Default Policy" ] }, "expire_endpoints": { "type": [ "number", "null" ], "title": "Expire endpoints", "examples": [ 230 ] }, "contents": { "type": "object", "title": "Policy Contents" }, "created_at": { "type": "string", "title": "Policy created at", "examples": [ "2020-02-13T17:09:20.741145Z" ] }, "updated_at": { "type": "string", "title": "Policy updated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "migrated_at": { "type": "string", "title": "Policy migrated at", "examples": [ "2020-02-13T17:09:22.532969Z" ] }, "is_default": { "type": "boolean", "title": "Is default" }, "deny_edit": { "type": "boolean", "title": "Deny edit" }, "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", 
"title": "The account id to which this group belong" }, "name": { "type": "string", "title": "The neame of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "secret_hash": { "type": "string", "title": "Secret hash of the policy" }, "secret_allow_site_override": { "type": "boolean", "title": "Allow secret override" } } } } } } }, "tags": [ "Policies" ], "operationId": "api.nebula.put.policy.promote" } }, "/nebula/v1/exclusions/{id}": { "delete": { "description": "Delete exclusion by id.", "summary": "Delete exclusion by id", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.delete.exclusions" }, "get": { "description": "Get exclusion by id.", "summary": "Get exclusion by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } } } } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.get.exclusions.id" }, "put": { "description": "Use this API endpoint to update exclusions.\n\n## Validation rules\n\n- etag is required\n- type must be a number from the following list: 1, 2, 3, 4, 5, 6, 7, 8, 13\n- exploit_protection can only be true if type is 13\n- ransomware_protection can only be true if type is 1 or 2\n- malware_protection can only be true if type is 1, 2, 4, or 5\n- website_protection can only be true if type is 6, 7, or 8\n- bruteforce_protection can only be true if type is 7\n- if type is 14, only suspicious_activity can and must be true\n- if account_level is false, then policy_ids must be an array of UUID(s)\n- value must be a valid domain or website (domain with protocol prefix) if type is 6\n- value must be a valid IP address if type is 7\n", "summary": "Update exclusion", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Save Exclusion", "additionalProperties": true, "required": [ "etag", "type", "value", "enabled", "exclude_from", "account_level" ], "properties": { "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. 
You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 8, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "default": [], "items": { "type": "string", "title": "ID of the Policy" } } }, "allOf": [ { "if": { "properties": { "type": { "const": 13 } } }, "then": { "properties": { "value": { "pattern": "^[a-fA-F0-9]{32}$" } } } }, { "if": { "properties": { "enabled": { "const": true } } }, "then": { "errorMessage": "should have at least one exclude_from property set to true", "anyOf": [ { "properties": { "exclude_from": { "properties": { "exploit_protection": { "const": true } }, "required": [ "exploit_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "malware_protection": { "const": true } }, "required": [ "malware_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "ransomware_protection": { "const": true } }, "required": [ "ransomware_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "website_protection": { "const": true } }, "required": [ "website_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "suspicious_activity": { "const": true } }, "required": [ "suspicious_activity" ] } } }, { "properties": { "exclude_from": { "properties": { "bruteforce_protection": { "const": true } }, "required": [ "bruteforce_protection" ] } } } ] } } ], "errorMessage": { "if": "if enabled is true" } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats 
using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } } } } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.put.exclusions" } }, "/nebula/v1/exclusions": { "delete": { "description": "Delete exclusions in bulk.", "summary": "Delete exclusions in bulk", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Delete Exclusions Bulk", "properties": { "exclusion_ids": { "type": "array", "title": "Exclusion IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.delete.exclusions.bulk" }, "get": { "description": "Get exclusions.", "summary": "Get exclusions", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "search_string", "required": false, "in": "query", "description": "Search with exclusion string.", "schema": { "type": "string" } }, { "name": "policy_ids", "required": false, "in": "query", "description": "Search with exclusion policy ids.", "schema": { "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Search with exclusion type", "schema": { "type": "number" } }, { "name": "since", "required": false, "in": "query", "description": "Timestamp to filter since exclusion times.", "schema": { "type": "string" } }, { "name": "until", "required": false, "in": "query", "description": "Timestamp to filter until exclusion times.", "schema": { "type": "string" } }, { "name": "sort_by", "required": false, "in": "query", "description": "Field to sort results with.", "schema": { "type": "string", "enum": [ "enabled", "value", "created_at", "updated_at", "created_by", "updated_by", "type" ] } }, { "name": "sort_order", "required": false, "in": "query", "description": "Sorting direction", "schema": { "type": "string", "enum": [ "asc", "desc" ] } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get exclusions by account", "type": "object", "required": [ "exclusions", "total_count", "next_cursor" ], "properties": { "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. 
Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious 
websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.get.exclusions" }, "post": { "description": "Use this API endpoint to add exclusions.\n\n## Validation rules\n\n- type must be a number from the following list: 1, 2, 3, 4, 5, 6, 7, 8, 13\n- exploit_protection can only be true if type is 13\n- ransomware_protection can only be true if type is 1 or 2\n- malware_protection can only be true if type is 1, 2, 4, or 5\n- website_protection can only be true if type is 6, 7, or 8\n- bruteforce_protection can only be true if type is 7\n- if type is 14, only suspicious_activity can and must be true\n- if account_level is false, then policy_ids must be an array of UUID(s)\n- value must be a valid domain or website (domain with protocol prefix) if type is 6\n- value must be a valid IP address if type is 7\n", "summary": "Create exclusion", "security": [ { "client_credentials": [ "write" ] } 
], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create Exclusion", "additionalProperties": true, "required": [ "type", "value", "enabled", "exclude_from", "account_level" ], "properties": { "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 8, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, 
"website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "default": [], "items": { "type": "string", "title": "ID of the Policy" } } }, "allOf": [ { "if": { "properties": { "type": { "const": 13 } } }, "then": { "properties": { "value": { "pattern": "^[a-fA-F0-9]{32}$" } } } }, { "if": { "properties": { "enabled": { "const": true } } }, "then": { "errorMessage": "should have at least one exclude_from property set to true", "anyOf": [ { "properties": { "exclude_from": { "properties": { "exploit_protection": { "const": true } }, "required": [ "exploit_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "malware_protection": { "const": true } }, "required": [ "malware_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "ransomware_protection": { "const": true } }, "required": [ "ransomware_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "website_protection": { "const": true } }, "required": [ "website_protection" ] } } }, { "properties": { "exclude_from": { "properties": { "suspicious_activity": { "const": true } }, "required": [ "suspicious_activity" ] } } }, { "properties": { "exclude_from": { "properties": { "bruteforce_protection": { "const": true } }, "required": [ "bruteforce_protection" ] } } } ] } } ], "errorMessage": { "if": "if enabled is true" } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Exclusion from server", "type": "object", "additionalProperties": true, "properties": { "id": { 
"type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating an exclusion. When updating, you need to fetch the latest value by GETting an exclusion. You should always get the current etag before trying to modify a resource that has an etag property.", "examples": [ "c87998228b2f7511bb1616f686d06bae" ] }, "type": { "type": "integer", "title": "1: Exclusion for file path, 2: Exclusion for folder path, 3: Exclusion for wildcard path, 4: Exclusion for registry, 5: Exclusion for file extensions, 6: Exclusion for web domain, 7: Exclusion for web IP, 8: Exclusion for Web Monitoring, 13: Exclusion for hash, 14: Exclusion for command line", "examples": [ 1, 2, 3, 4, 5, 6, 7, 13, 14 ] }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", 
"null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "friendly_name": { "type": "string", "title": "Friendly name", "examples": [ "File by MD5 hash" ] }, "account_level": { "type": "boolean", "title": "Account level" }, "policies": { "type": "array", "title": "Policies", "items": { "type": "object", "title": "Policy", "properties": { "id": { "type": "string", "title": "ID of policy (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "additionalProperties": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "20da4613-5fa5-4460-9016-963d2c4f6753" ] }, "name": { "type": "string", "title": "Name of policy" } } } } } } } } } }, "tags": [ "Exclusions" ], "operationId": "api.nebula.post.exclusions" } }, "/nebula/v1/groups/{id}": { "delete": { "description": "Delete group by id.", "summary": "Delete group by id", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Groups" ], "operationId": "api.nebula.delete.groups" }, "get": { "description": "Get group by id.", "summary": "Get group by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": 
"integer", "title": "Child group count" } } } } } } }, "tags": [ "Groups" ], "operationId": "api.nebula.getbyid.groups" }, "put": { "description": "Update group.", "summary": "Update group", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Group Save", "description": "Payload for creating a group", "required": [ "name", "policy_id" ], "properties": { "name": { "type": "string", "title": "Name" }, "policy_id": { "type": "string", "title": "Policy Id", "examples": [ "575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ] }, "parent_id": { "type": "string", "title": "Parent Id", "description": "Id of parent group." }, "schedule_ids": { "type": "array", "title": "Schedule IDs this group should be assigned to", "description": "Schedule IDs this group should be assigned to", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The schedule ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } } } } }, "tags": [ "Groups" ], "operationId": "api.nebula.put.groups" } }, "/nebula/v1/groups": { "get": { "description": "Get all groups in an account.", "summary": "Get all groups", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "name", "required": false, "in": "query", "description": "Filter by group name", "schema": { "type": "string" } }, { "name": "parent_id", "required": false, "in": "query", "description": "For filtering by parent group ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "filter_by_parent_id", "required": false, "in": "query", "description": "Set this to 'true' when parent_id has been set.", "schema": { "type": "string" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Collection of groups", "required": [ "groups", "total_count", "next_cursor" ], "properties": { "groups": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": 
{ "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Groups" ], "operationId": "api.nebula.get.groups" }, "post": { "description": "Create group.", "summary": "Create group", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Group Save", "description": "Payload for creating a group", "required": [ "name", "policy_id" ], "properties": { "name": { "type": "string", "title": "Name" }, "policy_id": { "type": "string", "title": "Policy Id", "examples": [ "575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ] }, "parent_id": { "type": "string", "title": "Parent Id", "description": "Id of parent group." 
}, "schedule_ids": { "type": "array", "title": "Schedule IDs this group should be assigned to", "description": "Schedule IDs this group should be assigned to", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The schedule ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Group", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "The Id of the group" }, "account_id": { "type": "string", "title": "The account id to which this group belongs" }, "name": { "type": "string", "title": "The name of the group" }, "machines_count": { "type": "integer", "title": "Count of machines" }, "policy_id": { "type": "string", "title": "Policy id associated to the group" }, "policy_name": { "type": "string", "title": "Policy name" }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2017-04-06T20:26:07.345213Z" ] }, "is_default": { "type": "boolean", "title": "Default" }, "schedule_ids": { "type": "array", "title": "Array of schedule ids", "items": { "type": "string", "title": "Schedule Id" } }, "parent_id": { "type": "string", "title": "Parent id" }, "root_id": { "type": "string", "title": "Root id" }, "ou_object_id": { "type": [ "string", "null" ], "title": "Ou object id" }, "child_group_count": { "type": "integer", "title": "Child group count" } } } } } } }, "tags": [ "Groups" ], "operationId": "api.nebula.post.groups" } }, "/nebula/v1/groups/{id}/machines": { "post": { "description": "Use this endpoint to move machines into a group.\nBesides listing endpoint ids explicitly, you can select the endpoints to move with queries. See the examples below.\n\nTo move all your `Mac Os` endpoints, and all endpoints whose policy name matches the string `serious policy`, into the group, use the following body:\n\n```json\n{\n \"endpoints\": [],\n \"queries\": [{\n \"os_info.os_platform\": \"Mac Os\"\n }, {\n \"policy_name\": \"serious policy\"\n }]\n}\n```\nEach query accepts the same constraints as the search endpoints route. Refer to `POST -> /endpoints` for more information about the accepted constraints.\n\nYou can also send a mix of explicit endpoint ids and queries in the same request:\n```json\n{\n \"endpoints\": [{ \"id\": \"9256034b-7967-4253-a5d9-260663e4fa4f\" }],\n \"queries\": [{\n \"os_info.os_platform\": \"Mac Os\"\n }, {\n \"policy_name\": \"serious policy\"\n }]\n}\n```\nThe request schema lists both `endpoints` and `queries` as required, so send an empty array for whichever of the two you do not use. The response reports the ids of the endpoints that were moved and, separately, the ones that could not be moved; check both before assuming every selected endpoint has changed group.\n", "summary": "Assign endpoints to a group", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Move endpoints to a group (bulk)", "required": [ "endpoints", "queries" ], "properties": { "endpoints": { "type": "array", "title": "Endpoints", "items": { "type": "object", "title": "Endpoint items", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "machine id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "queries": { "type": "array", "title": "Queries", "items": { "type": "object", "title": "Query", "allOf": [ { "type": "object", "title": "Search endpoints request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search either alias, host name or fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" 
}, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." }, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", 
"title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints 
with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." 
}, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." }, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": 
"Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": "vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", 
"vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", "title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ 
"_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": "boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Specify the number of app block activity" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", 
"plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ] } }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Move Endpoints to Group 200 Schema", "required": [ "moved" ], "properties": { "moved": { "type": "array", "title": "IDs of the endpoints that were moved (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "items": { "type": "string", "title": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "errors": { "type": "array", "title": "Endpoints that could not be moved", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } } }, "tags": [ "Groups" ], "operationId": "api.v2.nebula.post.groups.bulk" } }, "/nebula/v1/jobs/bulk": { "delete": { "description": "Cancel pending Jobs", "summary": "Cancel pending jobs", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Cancel Jobs", "anyOf": [ { "required": [ "job_ids" ] }, { "required": [ "machine_ids" ] }, { "required": [ "groups" ] } ], "properties": { "job_ids": { "type": "array", "title": "The Job IDs Schema", "items": { "type": "string", "title": "Job ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "machine_ids": { "type": "array", "title": "The Machine IDs Schema", "items": { "type": "string", "title": "Machine ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "groups": { "type": "array", "title": "Machines", "items": { "type": "object", "title": "List of queries to select endpoints", "allOf": [ { "type": "object", "title": "Search endpoints request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [ "account_ids" ], "properties": { "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "name_multi_search": { "type": "string", "title": "Search either alias, host name or fully qualified host name" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). 
This 'contains' type search will look for the exact match anywhere in the field." }, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with 
specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the 
search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified fully qualified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." }, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." 
}, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": "vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", 
"title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", "title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", 
"host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": "boolean", "title": "The account data" }, "platform": { "type": "boolean", "title": "Specify the platform on OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "serial_number", "object_guid" ] } }, "account_ids": { "type": "array", "title": "The account_ids against which you want to run the search. This field is mandatory, and you need to explicitly set all the account_ids in which you want to search endpoints", "items": { "type": "string", "title": "The Items Schema (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.delete.jobs.bulk" }, "post": { "description": "Use this endpoint to issue a job by supplying a query selector.\nThis API endpoint allows you to specify queries instead of explicitly specifying endpoint ids. See example for more details.\n\nSee `Issue a job` for the commands list\n\nJobs are issued asynchronously and processed by endpoint agents when they get online. If you want to get notifications about the progress of a job, create a subscription to the `job_status_change` webhook event.\n\n\n## Command specific data\nYou can customize each command using specific settings. Supply those command-specific settings in the `data` parameter.\n\n### command.threat.scan\n\nIf you want to just report detections:\n```json\n{\"scan_settings\":{\"type\":\"ThreatScan\",\"remove\":false}}\n```\n\nIf you want to quarantine detected items:\n```json\n{\"scan_settings\":{\"type\":\"ThreatScan\",\"remove\":true}}\n```\n\n### command.edr.isolation\nSpecify the extent of your isolation. 
Can be any combination of `desktop`, `network`, or `process`.\n```json\n{\"desktop\":true,\"network\":true,\"process\":true}\n```\n\n### command.threat.quarantine.restore\nRestore item from quarantine. Specify one or more detection ids\n```json\n{\"restore_items\":[\"7021ebec-b7b8-49b3-8709-f36bf5002c30\"]}\n```\n\n### command.threat.quarantine.remove\nDelete item from quarantine. Specify one or more detection ids\n```json\n{\"delete_items\":[\"7021ebec-b7b8-49b3-8709-f36bf5002c30\"]}\n```\n\n### command.edr.fileupload\nUpload a file to Sandbox Analysis. Specify the file path to the executable and machine ids. \n```json\n{ \n \"command\": \"command.edr.fileupload\", \n \"machine_ids\": [\"9256034b-7967-4253-a5d9-260663e4fa4f\", \"7021ebec-b7b8-49b3-8709-f36bf5002c30\"], \n \"data\": { \n \"path\": \"C:\\\\Windowss\\\\app.exe\" \n } \n}\n```\n\n## examples\n```json\n{\n \"endpoints\": [{ \"id\": \"\" }]\n}\n```\nIf you want to issue a job on all your `Mac Os` endpoints, and on all your endpoints for a certain account with policy matching the string `serious policy`, do the following:\n\n```json\n \"queries\": [{\n \"os_info.os_platform\": \"Mac Os\"\n }, {\n \"policy_name\": \"serious policy\"\n }]\n```\nThe constraints accepted are the same accepted by the search endpoints route. 
Refer to `POST -> /endpoints` for more information about the constraints accepted.\n\nYou can also send a mix of explicit endpoint ids and queries in the same request:\n```json\n \"endpoints\": [{ \"id\": \"\" }],\n \"queries\": [{\n \"os_info.os_platform\": \"Mac Os\"\n }, {\n \"policy_name\": \"serious policy\"\n }]\n```\nThe response includes the explicit ids on which the job was issued.\n", "summary": "Issue jobs", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Isolate Request Body Schema", "required": [ "endpoints", "command" ], "anyOf": [ { "required": [ "groups" ] }, { "required": [ "queries" ] } ], "properties": { "command": { "type": "string", "title": "Command" }, "requires_connected": { "type": "boolean", "title": "Whether a connection needs to be initiated before issuing this job (i.e. 
active response shell)" }, "data": { "type": "object", "title": "Data", "properties": { "scan_settings": { "type": "object", "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Type", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" } } }, "enable_shuriken": { "type": "boolean", "title": "Enable shuriken" }, "allow_postpone_reboot": { "type": "boolean", "title": "Allow postpone reboot" }, "type": { "type": "string", "title": "Type" }, "scan_path_from_list_file": { "type": "boolean", "title": "Scan path from list file" }, "scan_path": { "type": "string", "title": "Scan path" }, "add_scan_paths": { "type": "array", "title": "Add scan paths", "items": { "type": "string", "title": "Add scan paths items" } }, "no_archive": { "type": "boolean", "title": "No archive" }, "ark": { "type": "boolean", "title": "Ark" }, "remove": { "type": "boolean", "title": "Remove" }, "no_reboot": { "type": "boolean", "title": "No reboot" }, "reboot_delay": { "type": "integer", "title": "Reboot delay" }, "reboot_delay_rrule": { "type": "string", "title": "Reboot delay rrule" }, "reboot_message": { "type": "string", "title": "Reboot message" }, "pum_detection": { "type": "string", "title": "Pum detection" }, "pup_detection": { "type": "string", "title": "Pup detection" }, "scan_memory": { "type": "boolean", "title": "Scan memory" }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "scan_file_system": { "type": "boolean", "title": "Scan file system" }, "scan_priority": { "type": "string", "title": "Scan priority" }, "scan_fixed_drives": { "type": "boolean", "title": "Scan fixed drives" }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "type": "object", "title": "Exclusion items", "additionalProperties": true, "properties": { "value": { "type": "string", "title": "Value" }, "type": { "type": "string", "title": 
"Type" }, "exclude_from": { "type": "object", "title": "Exclude from", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Exploit protection" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Malware protection" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Ransomware protection" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Suspicious activity" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Website protection" } } } } } }, "allow_postpone": { "type": [ "boolean", "number" ], "title": "Asset Reboot allow postpone" }, "delay_in_seconds": { "type": "number", "title": "Asset Reboot delay" }, "message": { "type": "string", "title": "Asset Reboot message" }, "reasons": { "type": "number", "title": "Asset Reboot reason: 0 RebootStatusClear, 1 RebootStatusDOR, 2 RebootStatusInstall, 3 RebootStatusUpgrade, 4 RebootStatusUnknown" }, "restore_items": { "type": "array", "title": "Detection IDs to restore from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260653e4fa4f" ] } }, "delete_items": { "type": "array", "title": "Detection IDs to delete from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260653e4fa4f" ] } }, "patches": { "type": "array", "title": "Options for command.asset.patch", "items": { "type": "object", "properties": { "category": { "type": "string", "examples": [ "feature_pack" ] }, "product": { "type": "string", "examples": [ "Silverlight" ] }, "severity": { "type": "string", "examples": [ "critical" ] }, "title": { "type": "string", "examples": [ "Microsoft Silverlight (KB4481252)" ] }, "vendor": { "type": "string", "examples": [ "Microsoft Corporation" ] } } } }, "application_name": { "type": "string", "examples": [ "Chrome" ] }, "current_version": { "type": "string", "examples": [ "96.0.4664.45" ] }, "new_version": { "type": "string", "examples": [ "97.0.2103.01" ] }, "product": { "type": "number", "product": [ 41 ] }, "vendor": { "type": "string", "examples": [ "Google" ] }, "architecture": { "type": "string", "examples": [ "x86" ] }, "language": { "type": "string", "examples": [ "tr-TR" ] } } }, "endpoints": { "type": "array", "title": "Machine IDs", "items": { "type": "object", "title": "Machine IDs items", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "Endpoint ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "groups": { "type": "array", "title": "Machine IDs", "items": { "type": "object", "title": "Group items", "allOf": [ { "type": "object", "title": "Search endpoints request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "name_multi_search": { "type": "string", "title": "Search either alias, host name or fully qualified host name" }, "machine_id": { "type": "string", "title": "Filter the search to the endpoints with specified id" }, "is_isolated": { "type": "boolean", "title": "Indicates whether the endpoints are isolated or not" }, "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "alerts.codes": { "type": "string", "title": "Alert codes" }, "suspicious_activity_found": { "type": "boolean", "title": "Filter the search to the endpoints that have open suspicious activities" }, "reboot_required": { "type": "boolean", "title": "Filter the search to the endpoints needing a reboot" }, "infection_found": { "type": "boolean", "title": "Filter the search to the endpoints with one or more security threats found" }, "policy_id": { "type": "string", "title": "Filter the search to the endpoints with specified policy (id)" }, "policy_name": { "type": "string", "title": "Filter the search to the endpoints with specified policy (name)" }, "policy_etag": { "type": "string", "title": "Filter the search to the endpoints with specified policy etag" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "alias": { "type": "string", "title": "Aliases for the machine" }, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.siem.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM alerts" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.browser_phishing_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection alerts" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.incident_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin alerts" }, "plugins.endpoint_detection_and_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_detection_and_response.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin alerts" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, 
"plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search to the endpoints with wildcard EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.endpoint_protection.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin alerts" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "plugins.asset_manager.alerts.codes": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager alerts" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search 
to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "title": "Filter the search to the endpoints with specified ips" }, "group_name.keyword": { "type": "string", "title": "Filter the search to the endpoints belonging to the specified group's name. This 'contains' type search will look for the exact match anywhere in the field." }, "policy_name.keyword": { "type": "string", "title": "Filter the search to the endpoints assigned to the specified policy's name. This 'contains' type search will look for the exact match anywhere in the field." }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by specified engine version." }, "engine_version_gt": { "type": "string", "title": "Filter the search by engine version greater than specified value." }, "engine_version_gte": { "type": "string", "title": "Filter the search by engine version greater than or equal to specified value." 
}, "engine_version_lt": { "type": "string", "title": "Filter the search by engine version less than specified value." }, "engine_version_lte": { "type": "string", "title": "Filter the search by engine version less than or equal to specified value." }, "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "group_id": { "type": "string", "title": "Filter the search by group id" }, "group_name": { "type": "string", "title": "Filter the search by group's name" }, "source_location.city": { "type": "string", "title": "Source location city filter" }, "source_location.country": { "type": "string", "title": "Source location country filter" }, "source_location.country_iso": { "type": "string", "title": "Source location country_iso filter" }, "source_location.continent": { "type": "string", "title": "Source location continent filter" }, "source_location.time_zone": { "type": "string", "title": "Source location time_zone filter" }, "source_location.postal_code": { "type": "string", "title": "Source location postal_code filter" }, "source_location.subdivisions": { "type": "string", "title": "Source location subdivisions filter" }, "source_location.is_anonymous_proxy": { "type": "boolean", "title": "Source location is_anonymous_proxy filter" }, "machine_ip": { "type": "string", "title": "machine_ip filter" }, "serial_number": { "type": "string", "title": "Serial number filter" }, "serial_number.keyword": { "type": "string", "title": "Serial number filter" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "is_deleted": { "type": "boolean", "default": false, "nullable": true, "title": "is_deleted filter" }, "vulnerabilities_found_total_gt": { "type": "number", "title": 
"vulnerabilities_found_total_gt" }, "vulnerabilities_found_total_lt": { "type": "number", "title": "vulnerabilities_found_total_lt" }, "vulnerabilities_found_total_gte": { "type": "number", "title": "vulnerabilities_found_total_gte" }, "vulnerabilities_found_total_lte": { "type": "number", "title": "vulnerabilities_found_total_lte" }, "connected": { "type": "boolean", "title": "connected" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "multi_sort": { "type": "array", "title": "The multi_sort schema", "items": { "type": "object", 
"title": "Sort field and direction", "properties": { "field": { "type": "string", "title": "Sort field", "enum": [ "at", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version", "plugins.browser_phishing_protection.plugin_version", "plugins.siem.reboot_reason", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "deleted_at", "created_at", "marked_for_deletion", "is_deleted", "last_day_seen", "last_scanned_at", "last_user", "tags.alias", "name_multi_search", "machine_ip", "serial_number", "object_guid", "vulnerabilities_found.critical", "vulnerabilities_found.high", "vulnerabilities_found.medium", "vulnerabilities_found.low", "vulnerabilities_found.none", "vulnerabilities_found.total", "os_patches_available", "last_assets_scan_at", "connected" ] }, "direction": { "type": "string", "title": "Direction", "enum": [ "asc", "desc" ] }, "missing": { "type": "string", "title": "Missing values sorting", "enum": [ "_first", "_last" ] } } } }, "populate": { "type": "object", "title": "Specify whether you need to populate the server's response with additional data, like account info or last task", "properties": { "last_job": { "type": "boolean", "title": "The last_job data" }, "account": { "type": 
"boolean", "title": "The account data" }, "default_group": { "type": "boolean", "title": "Specify whether the group is default" }, "app_block": { "type": "boolean", "title": "Populate the count of app block activity (see app_block_count_after)" }, "platform": { "type": "boolean", "title": "Include the platform in the OS release name aggregation" } } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "default": [], "items": { "type": "string", "title": "The Items Schema", "enum": [ "has_alerts", "infected", "suspicious", "scan_needed", "reboot_required", "check-in_status", "isolated", "protection_status", "os_info.os_release_name", "nics.ips", "nics.mac_address", "nics.description", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "host_name", "fully_qualified_host_name", "plugins.asset_manager.plugin_version", "plugins.asset_manager.reboot_reason", "plugins.asset_manager.alerts.codes", "plugins.endpoint_protection.plugin_version", "plugins.endpoint_protection.sdk_version", "plugins.endpoint_protection.alerts.codes", "plugins.endpoint_protection.component_package_version", "plugins.endpoint_protection.update_package_version", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.endpoint_detection_and_response.alerts.codes", "plugins.incident_response.plugin_version", "plugins.incident_response.reboot_reason", "plugins.incident_response.alerts.codes", "plugins.siem.plugin_version", "plugins.siem.reboot_reason", "plugins.siem.alerts.codes", "engine_version", "domain_name", "policy_etag", "account_id", "group_id", "root_group_id", "group_name", "policy_name", "policy_id", "is_deleted", "is_software_update_available", "machine_ip", "object_guid", "serial_number" ]
} }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "1970-01-01T00:00:00Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_before": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_scan_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been scanned after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_day_seen_after": { "type": "string", "title": "ISO date string. Results include endpoints that have last connected after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "marked_for_deletion_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been marked for deletion before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted after the specified date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "deleted_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been deleted before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_after": { "type": "string", "title": "ISO date string. Results include endpoints that have been created after the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "ISO date string. Results include endpoints that have been created before the specified date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_after": { "type": "string", "title": "Last asset scan after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "last_assets_scan_at_before": { "type": "string", "title": "Last asset scan before cursor (Ex.
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "app_block_count_after": { "type": "string", "title": "Specify after which date to start app block activity count (Only when populate: {app_block: true} is set) (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" } } } ] } }, "relay_state": { "type": "string", "title": "Relay state" } } } } } }, "responses": { "201": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Create job response", "required": [ "jobs", "total_count" ], "properties": { "jobs": { "type": "array", "title": "List of jobs", "items": { "type": "object", "title": "Job items", "required": [ "machine_id", "job_id" ], "properties": { "machine_id": { "type": "string", "title": "The ID of the endpoint onto which the job was issued (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_id": { "type": "string", "title": "The ID of the job. You can use this ID to retrieve additional information about the job and track its progress, as well as use it as a reference to handle webhook notifications (Ex.
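The endpoint-search constraints above state a few rules without checking them for you: every date filter must match the schema's own ISO-8601 pattern (a zone designator such as `Z` or `+02:00` is mandatory), leading wildcards only work on the `.keyword` variants of a field, and `page_size` ranges from 0 to 2000 with 0 meaning "aggregate only". The Python helper below is an added example, not ThreatDown's code; it assembles a query body and enforces those rules before the request leaves your host. `build_endpoint_query`, `constraint`, `is_valid_timestamp`, `KEYWORD_FIELDS` and `DATE_FIELDS` are this example's own names, populated from the field list in the schema above.

```python
# Added example (not ThreatDown's code): build an endpoint-search body under the
# constraint schema above, enforcing rules the schema states but does not check
# for you. All function and constant names here are this example's own.
import re

# Timestamp pattern copied from the at_before / *_after / *_before fields above.
TIMESTAMP = re.compile(
    r"^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):"
    r"([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([\+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))$"
)
# Date-bounded filters in the schema; every one of them uses TIMESTAMP.
DATE_FIELDS = {
    "at_after", "at_before", "last_day_seen_after", "last_day_seen_before",
    "last_scan_after", "last_scan_before", "marked_for_deletion_after",
    "marked_for_deletion_before", "deleted_at_after", "deleted_at_before",
    "created_at_after", "created_at_before", "last_assets_scan_at_after",
    "last_assets_scan_at_before", "app_block_count_after",
}
# Fields that also exist with a '.keyword' suffix; leading wildcards only work there.
KEYWORD_FIELDS = {
    "host_name", "fully_qualified_host_name", "domain_name", "group_name",
    "policy_name", "engine_version", "last_user", "serial_number",
    "os_info.os_release_name", "plugins.endpoint_protection.update_package_version",
}
PROTECTION_STATUS = {"", "protected", "scan_only", "unprotected", "unknown",
                     "pending", "mobile_protection"}
MAX_PAGE_SIZE = 2000


def is_valid_timestamp(value: str) -> bool:
    """True when the API's pattern accepts it: a zone designator (Z or +hh:mm) is mandatory."""
    return TIMESTAMP.match(value) is not None


def constraint(field: str, value):
    """Return (field, value), moving a leading-wildcard pattern onto the .keyword twin."""
    if isinstance(value, str) and value.startswith("*") and not field.endswith(".keyword"):
        if field not in KEYWORD_FIELDS:
            raise ValueError(f"leading wildcard not supported on {field}")
        return field + ".keyword", value
    return field, value


def build_endpoint_query(filters=None, dates=None, page_size=100, aggregations=()):
    """Assemble the request body; raises ValueError for input the API would reject."""
    if not 0 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError(f"page_size must be 0..{MAX_PAGE_SIZE}")
    if page_size == 0 and not aggregations:
        # page_size 0 means "aggregate only"; without aggregations nothing comes back.
        raise ValueError("page_size 0 only makes sense together with aggregations")
    query = {"page_size": page_size}
    for field, value in (filters or {}).items():
        field, value = constraint(field, value)
        if field == "protection_status" and value not in PROTECTION_STATUS:
            raise ValueError(f"unknown protection_status {value!r}")
        query[field] = value
    for field, value in (dates or {}).items():
        if field not in DATE_FIELDS:
            raise ValueError(f"{field} is not a date filter")
        if not is_valid_timestamp(value):
            raise ValueError(f"{field}: {value!r} must be ISO-8601 with a zone designator")
        query[field] = value
    if aggregations:
        query["aggregations"] = list(aggregations)
    return query


if __name__ == "__main__":
    # Infected, non-isolated machines in any "Servers" group, not seen since the
    # cutoff, returned as aggregations only (constructed demo input).
    print(build_endpoint_query(
        {"infection_found": True, "is_isolated": False, "group_name": "*Servers*"},
        dates={"last_day_seen_before": "2024-01-01T00:00:00Z"},
        page_size=0, aggregations=["os_info.os_release_name", "protection_status"],
    ))
```

Failing fast on the client side matters here because a rejected request still counts against the 360 requests per minute quota, and a timestamp without a zone designator is the most common way to waste that budget.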
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "errors": { "type": "array", "title": "tasks not performed", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } }, "total_count": { "type": "integer", "title": "The total number of issued jobs" } } } } } } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.post.jobs.bulk" } }, "/nebula/v1/jobs/export": { "post": { "description": "Export jobs data. You can export across multiple accounts. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. The constraints accepted are the same accepted by the search jobs route. Refer to `POST -> /jobs/search` for more information about the constraints accepted. 
|\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n\n\n", "summary": "Export jobs", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The format of the output", "enum": [ "string", "base64", "binary" ] }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "id", "account_id", "account_name", "command", "data", "expires_at", "issued_at", "issued_by", "issued_by_email", "issued_by_name", "cancelled_by", "reason", "machine_id", "machine_name", "status", "updated_at", "relay_state", "tags.alias", "data.scan_settings.remove", "data.scan_settings.type" ] }, "mapValues": { "type": "object", "title": "Rename values", "description": "Only string values are mapped, but numbers and booleans will be cast as strings. If a value is not defined it will not be changed", "additionalProperties": { "type": [ "string", "number", "boolean" ] } } } } }, "groups": { "type": "array", "title": "List of search queries", "items": { "type": "object", "title": "List of queries to fetch jobs. Refer to the search jobs endpoint", "allOf": [ { "type": "object", "title": "Search jobs request.", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by a single job ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "command": { "title": "Filter the search by command name", "oneOf": [ { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", "command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, { "type": "array", "items": { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", "command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, "minItems": 1, "uniqueItems": true } ], "examples": [ "command.asset.refresh" ] }, "endpoint": { "type": "string", "title": "Filter the search by endpoint name.", "description": "Search for occurrences of the given value in the host_name,
fully_qualified_host_name and alias" }, "machine_id": { "title": "Filter the search by machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "oneOf": [ { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, { "type": "array", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "minItems": 1, "uniqueItems": true } ] }, "issued_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who issued the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_by_email": { "type": "string", "title": "Filter the search by the email of the user who issued the job. Contains operator." }, "cancelled_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who cancelled the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued before the specified date" }, "issued_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued after the specified date" }, "expires_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that expire before the specified date" }, "expires_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that expire after the specified date" }, "status": { "type": "number", "title": "Filter the search by status.
You can also select multiple statuses using their sum", "description": "1:CREATED, 2:SENT, 4:RECEIVED, 8:STARTED, 16:TIMED_OUT, 32:COMPLETED, 64:EXPIRED, 128:FAILED, 256:CANCELLED", "minimum": 1, "maximum": 511 }, "sort_field": { "type": "string", "title": "Sort field", "default": "issued_at", "enum": [ "command", "issued_by", "issued_at", "expires_at", "status", "machine_name", "account_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page", "minimum": 1, "default": 100, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "online": { "type": "boolean", "title": "Populate the results with endpoint online/offline status" } } } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.post.export.jobs" } }, "/nebula/v1/jobs/{id}": { "get": { "description": "Get a job and its full information by its ID.", "summary": "Get details about a job", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Job by ID response", "required": [ "id", "machine_id", "machine_name", "command", "issued_at", "issued_by_email", "issued_by_name", "issued_by", "expires_at", "updated_at", "state" ], "properties": { "id": { "type": "string", "title": "ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "Machine name" }, "command": { "type": "string", "title": "Command" }, "issued_at": { "type": "string", "title": "Issued at (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "issued_by_email": { "type": "string", "title": "Issued by email" }, "issued_by_name": { "type": "string", "title": "The Issued_by_name Schema" }, "issued_by": { "type": "string", "title": "Issued by user ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "expires_at": { "type": "string", "title": "Expires at (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "state": { "type": "string", "title": "State", "pattern": "^PENDING|STARTED|TIMED_OUT|COMPLETED|EXPIRED|FAILED|CANCELLED" }, "relay_state": { "type": "string", "title": "Relay state" }, "scan_id": { "type": "string", "title": "Scan ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.get.jobs.id" } }, "/nebula/v1/jobs": { "post": { "description": "Use this endpoint to issue a job on one or more of your endpoints.\n\nPossible `command`s are:\n\n| Name | Description |\n|------|-------------|\n| command.threat.scan | Issue a scan on the target endpoint (machine) |\n| command.asset.reboot | Reboot an endpoint |\n| command.service.restart | Restart the endpoint agent |\n| command.protection.update.now | Check for protection updates |\n| command.machine.update.now | Check for software updates |\n| command.asset.refresh | Refresh asset information about an endpoint |\n| command.edr.isolation | Isolate a machine |\n| command.threat.quarantine.remove | Delete item from quarantine |\n| command.threat.quarantine.restore | Restore item from quarantine |\n| command.bfp.rules.delete | Delete Active Block Rules |\n| command.service.diag | Generate Diagnostic Logs |\n| command.edr.fileupload | File Upload for Analysis |\n| command.edr.unlock.force | Force Remove Endpoint Isolation |\n| command.edr.lock | Isolate endpoint |\n| command.sequence.remediate | Remediate endpoint |\n| command.edr.unlock | Remove Endpoint Isolation |\n| command.logging.level.set
| Endpoint Logging Level Changed |\n| command.threat.scan.remediate | Remediate Endpoint |\n| command.policy.refresh | Refresh Policy |\n| command.machine.plugin.updateparts | Install Software Updates |\n| command.asset.patch | Install Software Patch |\n| command.asset.updatesoftware | Install Software Update |\n\nJobs are issued asynchronously and processed by endpoint agents when they get online. If you want to get notifications about the progress of a job, create a subscription to the `job_status_change` webhook event.\n\n\n## Command specific data\nYou can customize each command using specific settings. Supply those command-specific settings in the `data` parameter.\n\n### command.threat.scan\n\nIf you want to just report detections:\n```json\n{\"scan_settings\":{\"type\":\"ThreatScan\",\"remove\":false}}\n```\n\nIf you want to quarantine detected items:\n```json\n{\"scan_settings\":{\"type\":\"ThreatScan\",\"remove\":true}}\n```\n\n### command.edr.isolation\nSpecify the extent of your isolation. Can be any combination of `desktop`, `network`, or `process`.\n```json\n{\"desktop\":true,\"network\":true,\"process\":true}\n```\n\n### command.threat.quarantine.restore\nRestore item from quarantine. Specify one or more detection ids\n```json\n{\"restore_items\":[\"7021ebec-b7b8-49b3-8709-f36bf5002c30\"]}\n```\n\n### command.threat.quarantine.remove\nDelete item from quarantine. Specify one or more detection ids\n```json\n{\"delete_items\":[\"7021ebec-b7b8-49b3-8709-f36bf5002c30\"]}\n```\n\n### command.edr.fileupload\nUpload a file to Sandbox Analysis. Specify the file path to the executable and machine id. 
\n```json\n{ \n \"command\": \"command.edr.fileupload\", \n \"machine_ids\": [\"9256034b-7967-4253-a5d9-260663e4fa4f\"], \n \"data\": { \n \"path\": \"C:\\\\Windowss\\\\app.exe\" \n } \n}\n```\n\n### command.asset.patch\nInstall Software Patch\n```json\n{\n \"patches\": [\n {\n \"category\": \"feature_pack\",\n \"product\": \"Silverlight\",\n \"severity\": \"critical\",\n \"title\": \"Microsoft Silverlight (KB4481252)\",\n \"vendor\": \"Microsoft Corporation\"\n }\n ]\n}\n```\n\n### command.asset.updatesoftware\nInstall Software Update\n```json\n{\n \"application_name\": \"Chrome\",\n \"current_version\": \"96.0.4664.45\",\n \"new_version\": \"97.0.2103.01\",\n \"product\": 41,\n \"vendor\": \"Google\",\n \"architecture\": \"x86\",\n \"language\": \"en-US\"\n}\n```\n## Important considerations about this endpoint\nFor performance reasons, if you supply more than 100 endpoint ids (`machine_ids`), you will not receive the list of job ids in the response. If you need to track the issued jobs, batch endpoints in groups smaller than 100 items.\n", "summary": "Issue a job", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Add job to queue payload", "required": [ "machine_ids", "command" ], "properties": { "machine_ids": { "type": "array", "title": "Endpoint IDs", "items": { "type": "string", "title": "Endpoint ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "relay_state": { "type": "string", "title": "Relay state" }, "command": { "type": "string", "title": "Command name (see the table in the endpoint description)" }, "requires_connected": { "type": "boolean", "title": "Whether a connection must be established before issuing this job (e.g. for an active response shell)" }, "data": { "type": "object", "title": "Data", "properties": { "scan_settings": { "type": "object", "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Type", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": [ "boolean", "string" ], "title": "Remove" } } }, "enable_shuriken": { "type": "boolean", "title": "Enable shuriken" }, "allow_postpone_reboot": { "type": "boolean", "title": "Allow postpone reboot" }, "type": { "type": "string", "title": "Type" }, "scan_path_from_list_file": { "type": "boolean", "title": "Scan path from list file" }, "scan_path": { "type": "string", "title": "Scan path" }, "add_scan_paths": { "type": "array", "title": "Add scan paths", "items": { "type": "string", "title": "Add scan paths items" } }, "no_archive": { "type": "boolean", "title": "No archive" }, "ark": { "type": "boolean", "title": "Ark" }, "remove": { "type": "boolean", "title": "Remove" }, "no_reboot": { "type": "boolean", "title": "No reboot" }, "reboot_delay": { "type": "integer", "title": "Reboot delay" }, "reboot_delay_rrule": { "type": "string", "title": "Reboot delay rrule" }, "reboot_message": { "type": "string", "title": "Reboot message" }, "pum_detection": { "type": "string", "title": "Pum detection" }, "pup_detection": { "type": "string", "title": "Pup detection" }, "scan_memory": { "type": "boolean", "title": "Scan memory" }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, 
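Putting the batching advice from the `POST /nebula/v1/jobs` description into code: the Python helper below is an added example, not ThreatDown's client and not code from this specification. It assumes only the documented request and response shapes of that endpoint (`machine_ids`, `command`, optional `data` and `relay_state` in; `jobs[{machine_id, job_id}]` and `total_count` out) and takes the HTTP layer as a caller-supplied `post(path, body)` callable, which is where the `authorization` and `accountid` headers would be added. `fake_post` is a constructed stand-in for that callable so the module runs offline.

```python
"""Issue ThreatDown Nebula jobs in batches of fewer than 100 endpoints.

Added example (not ThreatDown code). Assumes the documented shapes of
POST /nebula/v1/jobs and a caller-supplied `post(path, body)` callable
that performs the authenticated request; this module does no network I/O.
"""
import re
import uuid
from typing import Callable, Dict, Iterable, List, Optional

# The machine_ids pattern from the schema, additionally anchored at the start.
UUID_RE = re.compile(
    r"^[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$"
)

# Commands listed in the endpoint description.
KNOWN_COMMANDS = frozenset({
    "command.threat.scan", "command.asset.reboot", "command.service.restart",
    "command.protection.update.now", "command.machine.update.now",
    "command.asset.refresh", "command.edr.isolation",
    "command.threat.quarantine.remove", "command.threat.quarantine.restore",
    "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload",
    "command.edr.unlock.force", "command.edr.lock", "command.sequence.remediate",
    "command.edr.unlock", "command.logging.level.set",
    "command.threat.scan.remediate", "command.policy.refresh",
    "command.machine.plugin.updateparts", "command.asset.patch",
    "command.asset.updatesoftware",
})

# Above this many machine_ids per request the API stops returning job ids.
MAX_TRACKABLE_BATCH = 99


def build_job_batches(command: str, machine_ids: Iterable[str],
                      data: Optional[Dict] = None, relay_state: Optional[str] = None,
                      batch_size: int = MAX_TRACKABLE_BATCH) -> List[Dict]:
    """Split machine_ids into request bodies small enough to get job ids back."""
    if command not in KNOWN_COMMANDS:
        raise ValueError(f"unknown command: {command}")
    if not 1 <= batch_size <= MAX_TRACKABLE_BATCH:
        raise ValueError("batch_size must be 1..99 to keep job ids in the response")
    ids: List[str] = []
    seen = set()
    for mid in machine_ids:
        if not UUID_RE.match(mid):
            raise ValueError(f"not a valid endpoint id: {mid!r}")
        if mid not in seen:  # de-duplicate while keeping the caller's order
            seen.add(mid)
            ids.append(mid)
    if not ids:
        raise ValueError("no endpoint ids supplied")
    bodies = []
    for i in range(0, len(ids), batch_size):
        body: Dict = {"machine_ids": ids[i:i + batch_size], "command": command}
        if data is not None:
            body["data"] = data
        if relay_state is not None:
            body["relay_state"] = relay_state
        bodies.append(body)
    return bodies


def issue_jobs(post: Callable[[str, Dict], Dict], command: str, machine_ids: Iterable[str],
               data: Optional[Dict] = None, relay_state: Optional[str] = None) -> Dict[str, str]:
    """Send each batch through `post` and return {machine_id: job_id}.

    Raises if a response omits an endpoint, so a partially issued batch
    is never silently treated as fully tracked.
    """
    job_ids: Dict[str, str] = {}
    for body in build_job_batches(command, machine_ids, data, relay_state):
        resp = post("/nebula/v1/jobs", body)
        returned = {j["machine_id"]: j["job_id"] for j in resp.get("jobs", [])}
        missing = set(body["machine_ids"]) - set(returned)
        if missing:
            raise RuntimeError(f"no job id returned for {len(missing)} endpoint(s)")
        job_ids.update(returned)
    return job_ids


def fake_post(path: str, body: Dict) -> Dict:
    """Constructed stand-in for the HTTP layer: mints one job id per endpoint."""
    assert path == "/nebula/v1/jobs"
    jobs = [{"machine_id": m, "job_id": str(uuid.uuid4())} for m in body["machine_ids"]]
    return {"jobs": jobs, "total_count": len(jobs)}


if __name__ == "__main__":
    endpoints = [str(uuid.uuid4()) for _ in range(250)]  # constructed sample ids
    tracked = issue_jobs(fake_post, "command.threat.scan", endpoints,
                         data={"scan_settings": {"type": "ThreatScan", "remove": False}})
    print(f"issued {len(tracked)} jobs in "
          f"{len(build_job_batches('command.threat.scan', endpoints))} batches")
```

The batch size defaults to 99 rather than 100 because the description says "more than 100" loses the job ids and "smaller than 100" keeps them, so 99 is the largest value the text guarantees. To use the helper against the real API, supply a `post` that serialises `body` as JSON and sends it with the `authorization` and `accountid` headers.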
"scan_file_system": { "type": "boolean", "title": "Scan file system" }, "scan_priority": { "type": "string", "title": "Scan priority" }, "scan_fixed_drives": { "type": "boolean", "title": "Scan fixed drives" }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "type": "object", "title": "Items", "additionalProperties": true, "properties": { "value": { "type": "string", "title": "Value" }, "type": { "type": "string", "title": "Type" }, "exclude_from": { "type": "object", "title": "Exclude from", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Exploit protection" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Malware protection" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Ransomware protection" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Suspicious activity" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Website protection" } } } } } }, "allow_postpone": { "type": [ "boolean", "number" ], "title": "Asset Reboot allow postpone" }, "delay_in_seconds": { "type": "number", "title": "Asset Reboot delay" }, "message": { "type": "string", "title": "Asset Reboot message" }, "reasons": { "type": "number", "title": "Asset Reboot reason: 0 RebootStatusClear, 1 RebootStatusDOR, 2 RebootStatusInstall, 3 RebootStatusUpgrade, 4 RebootStatusUnknown" }, "restore_items": { "type": "array", "title": "Detection IDs to restore from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260653e4fa4f" ] } }, "delete_items": { "type": "array", "title": "Detection IDs to delete from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "patches": { "type": "array", "title": "Options for command.asset.patch", "items": { "type": "object", "properties": { "category": { "type": "string", "examples": [ "feature_pack" ] }, "product": { "type": "string", "examples": [ "Silverlight" ] }, "severity": { "type": "string", "examples": [ "critical" ] }, "title": { "type": "string", "examples": [ "Microsoft Silverlight (KB4481252)" ] }, "vendor": { "type": "string", "examples": [ "Microsoft Corporation" ] } } } }, "application_name": { "type": "string", "examples": [ "Chrome" ] }, "current_version": { "type": "string", "examples": [ "96.0.4664.45" ] }, "new_version": { "type": "string", "examples": [ "97.0.2103.01" ] }, "product": { "type": "number", "examples": [ 41 ] }, "vendor": { "type": "string", "examples": [ "Google" ] }, "architecture": { "type": "string", "examples": [ "x86" ] }, "language": { "type": "string", "examples": [ "en-US" ] } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Add job to queue response", "required": [ "jobs", "total_count" ], "properties": { "jobs": { "type": "array", "title": "Jobs", "items": { "type": "object", "title": "Jobs items", "required": [ "machine_id", "job_id" ], "properties": { "machine_id": { "type": "string", "title": "The ID of the endpoint on which the job was issued (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_id": { "type": "string", "title": "The ID of the job. 
You can use this ID to retrieve additional information about the job and track its progress, as well as use it as a reference to handle webhooks notifications (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "total_count": { "type": "integer", "title": "The total number of issued jobs" } } } } } } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.post.jobs" } }, "/nebula/v1/jobs/search": { "post": { "description": "Search jobs across your account.", "summary": "Search jobs", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search jobs request.", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by a single job ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "command": { "title": "Filter the search by command name", "oneOf": [ { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", "command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, { "type": "array", "items": { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", "command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, "minItems": 1, "uniqueItems": true } ], "examples": [ "command.asset.refresh" ] }, "endpoint": { "type": "string", "title": "Filter the search by endpoint name.", "description": "Search for occurrences of the given value in the host_name, 
fully_qualified_host_name and alias fields" }, "machine_id": { "title": "Filter the search by machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "oneOf": [ { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, { "type": "array", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "minItems": 1, "uniqueItems": true } ] }, "issued_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who issued the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_by_email": { "type": "string", "title": "Filter the search by the email of the user who issued the job. Contains operator." }, "cancelled_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who cancelled the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued before the specified date" }, "issued_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued after the specified date" }, "expires_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that expire before the specified date" }, "expires_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that expire after the specified date" }, "status": { "type": "number", "title": "Filter the search by status. 
Statuses are bit flags, so several can be selected at once by adding their values (for example 16 + 64 + 128 = 208 matches TIMED_OUT, EXPIRED and FAILED jobs)", "description": "1:CREATED, 2:SENT, 4:RECEIVED, 8:STARTED, 16:TIMED_OUT, 32:COMPLETED, 64:EXPIRED, 128:FAILED, 256:CANCELLED", "minimum": 1, "maximum": 511 }, "sort_field": { "type": "string", "title": "Sort field", "default": "issued_at", "enum": [ "command", "issued_by", "issued_at", "expires_at", "status", "machine_name", "account_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page", "minimum": 1, "default": 100, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "online": { "type": "boolean", "title": "Populate the results with endpoint online/offline status" } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search jobs result", "properties": { "jobs": { "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The job ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_name": { "type": "string", "title": "The account name" }, "command": { "type": "string", "title": "Command name" }, "data": { "type": "string", "title": "The command-specific data of the job, as a JSON-encoded string" }, "expires_at": { "type": "string", "format": "date-time", "title": "The expire date" }, "issued_at": { "type": "string", "format": "date-time", "title": "The issue date" }, "issued_by": { "type": "string", "nullable": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The id of the user who issued the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_by_email": { "type": "string", "title": "The email of the user who issued the job" }, "issued_by_name": { "type": "string", "title": "The name of the user who issued the job" }, "cancelled_by": { "type": "string", "nullable": true, "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The id of the user who cancelled the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "cancelled_by_email": { "type": "string", "nullable": true, "title": "The email of the user who cancelled the job" }, "cancelled_by_name": { "type": "string", "nullable": true, "title": "The name of the user who cancelled the job" }, "machine_id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "The machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "The machine name" }, "status": { "type": "number", "enum": [ 0, 1, 2, 4, 8, 16, 32, 64, 128, 256 ], "title": "Job status (a single flag value). 
0:UNKNOWN_STATUS, 1:CREATED, 2:SENT, 4:RECEIVED, 8:STARTED, 16:TIMED_OUT, 32:COMPLETED, 64:EXPIRED, 128:FAILED, 256:CANCELLED" }, "updated_at": { "type": "string", "format": "date-time", "title": "The last update date" }, "reason": { "type": "string", "nullable": true, "title": "Reason of cancellation or failure" }, "relay_state": { "type": "string", "title": "Relay state" }, "tags": { "type": "object", "properties": { "alias": { "type": "string", "title": "Alias" } } }, "online": { "type": "boolean", "title": "Endpoint connection status (populated only when `populate.online` is set in the request)" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "jobs", "next_cursor" ] } } } } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.search.jobs" } }, "/nebula/v1/jobs/search-groupby": { "post": { "description": "Search jobs grouped by a specific field across your account.", "summary": "Search jobs groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
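The `status` filter of `POST /nebula/v1/jobs/search` is a sum of bit flags, while the `status` of each returned job is a single flag, and results are paged through `next_cursor`. The Python module below is an added example, not ThreatDown's code, that encodes and decodes those values and follows the cursor until the server returns an empty one. It assumes the documented request and response shapes and a caller-supplied `post(path, body)` callable for the authenticated request; `SAMPLE_JOBS` and `fake_search_post` are constructed stand-ins for the API, not real data.

```python
"""Search ThreatDown Nebula jobs by status flags and walk cursor pagination.

Added example (not ThreatDown code). Assumes the documented shapes of
POST /nebula/v1/jobs/search and a caller-supplied `post(path, body)`.
"""
from typing import Callable, Dict, Iterable, Iterator, List, Optional

# Status flags exactly as documented for the search request.
STATUS_FLAGS = {
    "CREATED": 1, "SENT": 2, "RECEIVED": 4, "STARTED": 8, "TIMED_OUT": 16,
    "COMPLETED": 32, "EXPIRED": 64, "FAILED": 128, "CANCELLED": 256,
}
STATUS_NAMES = {v: k for k, v in STATUS_FLAGS.items()}
STATUS_NAMES[0] = "UNKNOWN_STATUS"  # appears only in responses, never as a filter

# Jobs that will never finish on their own; the set an operator usually chases.
UNSUCCESSFUL = ("TIMED_OUT", "EXPIRED", "FAILED", "CANCELLED")


def status_mask(names: Iterable[str]) -> int:
    """Combine status names into the numeric `status` filter (the documented sum)."""
    mask = 0
    for name in names:
        mask |= STATUS_FLAGS[name]  # OR rather than +, so a repeated name is harmless
    if not 1 <= mask <= 511:
        raise ValueError("status filter must be between 1 and 511")
    return mask


def status_name(value: int) -> str:
    """Decode the numeric `status` of a job returned by the API."""
    try:
        return STATUS_NAMES[value]
    except KeyError:
        raise ValueError(f"not a single job status value: {value}") from None


def search_jobs(post: Callable[[str, Dict], Dict], filters: Dict,
                page_size: int = 100) -> Iterator[Dict]:
    """Yield every job matching `filters`, following next_cursor until it is empty."""
    body = dict(filters, page_size=page_size)
    seen_cursors = set()
    while True:
        page = post("/nebula/v1/jobs/search", body)
        for job in page.get("jobs", []):
            yield job
        cursor = page.get("next_cursor")
        if not cursor:
            return
        if cursor in seen_cursors:  # a repeated cursor would otherwise loop forever
            raise RuntimeError("pagination cursor repeated; aborting")
        seen_cursors.add(cursor)
        body["next_cursor"] = cursor


def unsuccessful_jobs(post: Callable[[str, Dict], Dict],
                      machine_ids: Optional[Iterable[str]] = None) -> List[Dict]:
    """Jobs that timed out, expired, failed or were cancelled, newest first."""
    filters: Dict = {"status": status_mask(UNSUCCESSFUL),
                     "sort_field": "issued_at", "sort_order": "desc"}
    if machine_ids:
        filters["machine_id"] = list(machine_ids)  # the schema accepts a list here
    return [dict(job, status_name=status_name(job["status"]))
            for job in search_jobs(post, filters)]


# Constructed sample data standing in for the API; these are not real jobs.
SAMPLE_JOBS = [
    {"id": f"{i:08x}-0000-4000-8000-000000000000", "command": "command.threat.scan",
     "machine_id": "9256034b-7967-4253-a5d9-260663e4fa4f", "status": status}
    for i, status in enumerate([32, 128, 16, 32, 64, 256, 8, 128])
]


def fake_search_post(path: str, body: Dict) -> Dict:
    """Applies the status mask to SAMPLE_JOBS and pages with an opaque cursor."""
    assert path == "/nebula/v1/jobs/search"
    matched = [j for j in SAMPLE_JOBS if j["status"] & body["status"]]
    start = int(body.get("next_cursor") or 0)
    end = start + body["page_size"]
    return {"jobs": matched[start:end],
            "next_cursor": str(end) if end < len(matched) else ""}


if __name__ == "__main__":
    for job in unsuccessful_jobs(fake_search_post):
        print(job["id"], job["status_name"])
```

`status_mask` ORs the flags instead of adding them so that a duplicated name cannot push the filter past 511; the result is the same sum the schema describes. The real API's `next_cursor` is an opaque string, which is why `search_jobs` only compares cursors for equality and never parses them.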
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Jobs Search GroupBy Request Schema", "required": [ "group_by" ], "allOf": [ { "type": "object", "title": "Search jobs request.", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by a single job ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "command": { "title": "Filter the search by command name", "oneOf": [ { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", "command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, { "type": "array", "items": { "type": "string", "enum": [ "command.asset.reboot", "command.asset.refresh", "command.bfp.rules.delete", "command.service.diag", "command.edr.fileupload", "command.edr.unlock.force", "command.edr.isolation", "command.edr.lock", "command.sequence.remediate", "command.edr.unlock", "command.logging.level.set", "command.threat.quarantine.remove", "command.threat.quarantine.restore", "command.threat.scan", 
"command.threat.scan.remediate", "command.policy.refresh", "command.protection.update.now", "command.service.restart", "command.machine.update.now", "command.machine.plugin.updateparts", "command.edr.restore", "command.threat.remediate", "command.engine.changeaccounttoken", "command.asset.patch", "command.asset.updatesoftware", "command.ars.newconn" ] }, "minItems": 1, "uniqueItems": true } ], "examples": [ "command.asset.refresh" ] }, "endpoint": { "type": "string", "title": "Filter the search by endpoint name.", "description": "Search for occurrences of the given value in the host_name, fully_qualified_host_name and alias fields" }, "machine_id": { "title": "Filter the search by machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "oneOf": [ { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, { "type": "array", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "minItems": 1, "uniqueItems": true } ] }, "issued_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who issued the job (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_by_email": { "type": "string", "title": "Filter the search by the email of the user who issued the job. Contains operator." }, "cancelled_by": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Filter the search by the id of the user who cancelled the job (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "issued_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued before the specified date" }, "issued_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that have been issued after the specified date" }, "expires_at_before": { "type": "string", "format": "date-time", "title": "Results include jobs that expire before the specified date" }, "expires_at_after": { "type": "string", "format": "date-time", "title": "Results include jobs that expire after the specified date" }, "status": { "type": "number", "title": "Filter the search by status. Statuses are bit flags, so several can be selected at once by adding their values (for example 16 + 64 + 128 = 208 matches TIMED_OUT, EXPIRED and FAILED jobs)", "description": "1:CREATED, 2:SENT, 4:RECEIVED, 8:STARTED, 16:TIMED_OUT, 32:COMPLETED, 64:EXPIRED, 128:FAILED, 256:CANCELLED", "minimum": 1, "maximum": 511 }, "sort_field": { "type": "string", "title": "Sort field", "default": "issued_at", "enum": [ "command", "issued_by", "issued_at", "expires_at", "status", "machine_name", "account_name" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page", "minimum": 1, "default": 100, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "online": { "type": "boolean", "title": "Populate the results with endpoint online/offline status" } } } } } ], "properties": { "group_by": { "type": "string", "title": "The field to group by", "description": "Note: when grouping by a timestamp field, the same value can appear on consecutive pages if the interval between timestamps is less than 1 second", "enum": [ "id", "account_id", "account_name", "command", "expires_at", "issued_at", "issued_by", "issued_by_email", "issued_by_name", "cancelled_by", "machine_id", "machine_name", "status", "updated_at", "relay_state" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Jobs Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The distinct values of the group_by field", "default": [], "items": { "type": "object", "required": [ "value", "total" ], "properties": { "value": { "title": "Value of the groupBy field", "type": [ "string", "number" ] }, "machine_name": { "title": "Machine name. It will be displayed when grouping by machine_id", "type": "string" }, "account_name": { "title": "Account name. It will be displayed when grouping by account_id", "type": "string" }, "issued_by_name": { "title": "User name. It will be displayed when grouping by issued_by", "type": "string" }, "issued_by_email": { "title": "User mail. It will be displayed when grouping by issued_by", "type": "string" }, "total": { "title": "Total count of the elements in the group", "type": "number" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Jobs" ], "operationId": "api.v2.nebula.search.jobs.group" } }, "/nebula/v1/quarantine/export": { "post": { "description": "Export quarantine data. Specify the fields you are interested in and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| ids | List of quarantine ids selected for exporting |\n| groups | List of queries. The accepted constraints are described in the request schema |\n| format | Output format: `csv`, `xlsx` or `json` |\n| download | If set to true, the server sets the `Content-Disposition` header using `filename` and `format` |\n| select | Which fields to select, and the field name each one is mapped to. See the request schema for allowed values |\n| type | Output encoding (for the `csv` and `json` formats) |\n| filename | Name of the file set in the `Content-Disposition` header when `download` is true |\n\n## Examples\n\n### Download xlsx file\n\nA request with this body sent from a browser downloads a file named `Report.xlsx` containing a table with the columns `Threat name`, `Date`, `Location`, `Type`, `Category` and `Endpoint` for every quarantined item whose `Category` is Malware:\n\n```json\n{\n \"download\":true,\n \"format\":\"xlsx\",\n \"filename\": \"Report\",\n \"select\":[\n {\n \"field\":\"threat_name\",\n \"newField\":\"Threat name\"\n },\n {\n \"field\":\"scanned_at\",\n \"newField\":\"Date\"\n },\n {\n \"field\":\"path\",\n \"newField\":\"Location\"\n },\n {\n \"field\":\"type\",\n \"newField\":\"Type\"\n },\n {\n \"field\":\"category\",\n \"newField\":\"Category\"\n },\n {\n \"field\":\"machine_name\",\n \"newField\":\"Endpoint\"\n }\n ],\n \"type\":\"base64\",\n \"groups\": [{\n \"category\":\"malware\"\n }]\n}\n```\n\n### Get JSON with all ids for programmatic usage\n\nA request with this body returns a JSON array of objects with `Quarantine 
ID`, `Threat name`, `Date`, `Location`, `Type`, `Category` and `Endpoint` for every quarantined item whose `Category` is PUP:\n\n```json\n{\n \"format\":\"json\",\n \"select\":[\n {\n \"field\":\"id\",\n \"newField\":\"Quarantine ID\"\n },\n {\n \"field\":\"threat_name\",\n \"newField\":\"Threat name\"\n },\n {\n \"field\":\"scanned_at\",\n \"newField\":\"Date\"\n },\n {\n \"field\":\"path\",\n \"newField\":\"Location\"\n },\n {\n \"field\":\"type\",\n \"newField\":\"Type\"\n },\n {\n \"field\":\"category\",\n \"newField\":\"Category\"\n },\n {\n \"field\":\"machine_name\",\n \"newField\":\"Endpoint\"\n }\n ],\n \"type\":\"string\",\n \"groups\":[\n {\n \"category\":\"PUP\"\n }\n ]\n}\n```\n\n*Example response*\n\n```json\n[\n {\n \"Quarantine ID\":\"9256034b-7967-4253-a5d9-260663e4fa4f\",\n \"Threat name\":\"PUP.Optional\",\n \"Date\":\"2021-02-27T02:50:44.000Z\",\n \"Location\":\"C:\\\\USERS\\\\ADMIN\\\\DESKTOP\\\\TEST_PUP.1.EXE\",\n \"Type\":\"file\",\n \"Category\":\"PUP\",\n \"Endpoint\":\"DESKTOP-MB\"\n },\n {\n \"Quarantine ID\":\"7021ebec-b7b8-49b3-8709-f36bf5002c30\",\n \"Threat name\":\"PUP.Optional\",\n \"Date\":\"2021-02-13T01:56:39.000Z\",\n \"Location\":\"C:\\\\Users\\\\admin\\\\Desktop\\\\Test_PUP.exe\",\n \"Type\":\"file\",\n \"Category\":\"PUP\",\n \"Endpoint\":\"DESKTOP-MB\"\n }\n]\n```\n", "summary": "Export quarantines", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "name", "required": false, "in": "query", "description": "Search with quarantine threat name.", "schema": { "type": "string" } }, { "name": "category", "required": false, "in": "query", "description": "Search with quarantine category.", "schema": { "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Search with quarantine type", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "Timestamp to filter since quarantine scan times.", "schema": { "type": "string" } }, { "name": "until", "required": false, "in": "query", "description": "Timestamp to filter until quarantine scan times.", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "select", "format" ], "anyOf": [ { "required": [ "groups" ] }, { "required": [ "ids" ] } ], "properties": { "groups": { "type": "array", "items": { "type": "object", "anyOf": [ { "type": "object", "title": "Search for quarantines", "properties": { "ids": { "type": "array", "title": "IDs of quarantines to filter by", "items": { "type": "string", "title": "IDs of quarantine to filter by (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\") ", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "machine_id": { "type": "string", "title": "ID of the endpoint", "examples": [ "2d2dd661-486e-463d-8065-16340eabfa96" ] }, "category": { "type": "string", "title": "Category name of the quarantine.", "examples": [ "Malware" ] }, "type": { "type": "array", "title": "Type of the quarantine.", "items": { "type": "string" }, "examples": [ [ "file" ] ] }, "since": { "type": "string", "title": "Timestamp to filter since quarantine scan times.", "format": "date-time", "formatMinimum": "1970-01-01T00:00:00Z" }, "until": { "type": "string", "title": "Timestamp to filter until quarantine scan times.", "format": "date-time", "formatMinimum": "1970-01-01T00:00:00.000" } } }, { "type": "object", "properties": { "constraints": { "type": "array", "title": "Quarantine constraints", "items": { "title": "Quarantine Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Quarantine UID String Fields", "enum": [ "id", "scan_id", "machine_id", "detection_id", "parent_detection_id" ] }, { "title": "Quarantine Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "path", "md5", "sha256", "scanned_at_offset_seconds", "trace_id", "rule_id" ] }, { "type": "string", "title": "Quarantine Enum String Fields", "enum": [ "type", "category" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", 
"title": "Quarantine UID String Fields", "enum": [ "id", "scan_id", "machine_id", "detection_id", "parent_detection_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Quarantine Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "path", "md5", "sha256", "scanned_at_offset_seconds", "trace_id", "rule_id" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Quarantine Boolean Fields", "enum": [ "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Quarantine Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at", "updated_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } ] } }, "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "filename": { "type": "string", "title": "The name of the output file if download is set to true" }, "ids": { "type": "array", "title": "IDs of quarantines to filter by (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "items": { "type": "string", "title": "IDs of quarantine to filter by (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "properties": { "newField": { "type": "string", "title": "The new name given to the field in the output" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "id", "type", "scan_id", "machine_id", "machine_name", "group_id", "detection_id", "scanned_at", "scanned_at_local", "reported_at", "threat_name", "path", "category", "ip_address", "url", "port", "device.disk_model" ] } } } } } } } } }, "responses": {}, "tags": [ "Quarantine" ], "operationId": "api.nebula.export.quarantine" } }, "/nebula/v1/quarantine": { "get": { "description": "Get all quarantined items. Refer to the Jobs APIs to restore or delete items from quarantine.", "summary": "Get all quarantined items", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "name", "required": false, "in": "query", "description": "Search with quarantine threat name.", "schema": { "type": "string" } }, { "name": "category", "required": false, "in": "query", "description": "Search with quarantine category.", "schema": { "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Search with quarantine type", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "Timestamp to filter since quarantine scan times.", "schema": { "type": "string" } }, { "name": "until", "required": false, "in": "query", "description": "Timestamp to filter until quarantine scan times.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The get quarantines response", "description": "Get quarantine for a given machine", "examples": [ { "quarantined_threats": [ { "id": "957fc464-9ee1-473c-8f49-d89d2da1d5d8", "scan_id": "00000000-0000-0000-0000-000000000000", "machine_id": "0ac6eb75-3b3d-49ea-86ea-4349465d32bf", "machine_name": "EndpointDetections", "group_id": "999a0d78-a983-44fc-a302-995cdfb39da3", "detection_id": "1491ac5b-60fc-439c-acd3-4e5e1881337f", "scanned_at": "2020-05-20T13:21:21Z", "scanned_at_local": "2020-05-20T13:21:21Z", "reported_at": "2020-05-20T13:21:23.114719Z", "threat_name": "ransomware.script", "type": [ "file" ], "status": "quarantined", "path": "C:\\Deploy\\RealTime\\ransomware.exe", "category": "arw", "ip_address": "", "url": "", "port": "" } ], "total_count": 1, "next_cursor": "" } ], "required": [ "quarantined_threats", "total_count", "next_cursor" ], "properties": { "quarantined_threats": { "type": "array", "title": "List of quarantined threats", "description": "List of quarantined threats.", 
"items": { "type": "object", "title": "Get detection by id", "additionalProperties": true, "required": [ "id", "scan_id", "machine_id", "detection_id", "scanned_at", "scanned_at_local", "reported_at", "status", "type", "path", "category" ], "properties": { "id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "Scan ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "Endpoint ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "Machine name" }, "group_id": { "type": "string", "title": "Group ID the endpoint has (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "group_name": { "type": "string", "title": "Group name the endpoint has" }, "policy_id": { "type": "string", "title": "The ID of the policy associated to the machine where this detection happened (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "policy_name": { "type": "string", "title": "Policy name" }, "detection_id": { "type": "string", "title": "Detection id from endpoint" }, "scanned_at": { "type": "string", "title": "Scanned at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_local": { "type": "string", "title": "Scanned at local time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at": { "type": "string", "title": "Detection reported at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "status": { "type": "string", "title": "Status" }, "action_taken": { "type": "string", "title": "Action Taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "threat_name": { "type": "string", "title": "Threat name" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Items" } }, "path": { "type": "string", "title": "Path" }, "category": { "type": "string", "title": "Category" }, "ip_address": { "type": "string", "title": "IP address" }, "url": { "type": "string", "title": "Url" }, "port": { "type": "string", "title": "Port" }, "affected_application": { "type": "string", "title": "Affected application" }, "md5": { "type": "string", "title": "Md5" 
}, "process_name": { "type": "string", "title": "Process name" } } } }, "total_count": { "type": "integer", "title": "Total count of items", "description": "Total count of items", "default": 0, "examples": [ 1 ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Quarantine" ], "operationId": "api.nebula.get.quarantine-all" } }, "/nebula/v1/quarantine/action": { "post": { "description": "Issue a job to delete or restore all quarantined items on each endpoint identified by its machine ID", "summary": "Bulk quarantine action", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Issue Jobs With Machine ID", "required": [ "endpoints", "command" ], "properties": { "command": { "type": "string", "title": "Command", "enum": [ "command.threat.quarantine.restore", "command.threat.quarantine.remove" ] }, "endpoints": { "type": "array", "title": "Machine IDs", "items": { "type": "object", "title": "Machine IDs items", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "Endpoint ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } }, "responses": { "201": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Create job response", "required": [ "jobs", "total_count" ], "properties": { "jobs": { "type": "array", "title": "List of jobs", "items": { "type": "object", "title": "Job items", "required": [ "machine_id", "job_id" ], "properties": { "machine_id": { "type": "string", "title": "The ID of the endpoint on which the job was issued (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_id": { "type": "string", "title": "The ID of the job. You can use this ID to retrieve additional information about the job and track its progress, as well as use it as a reference to handle webhook notifications (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "errors": { "type": "array", "title": "Tasks not performed", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } }, "total_count": { "type": "integer", "title": "The total number of issued jobs" } } } } } } }, "tags": [ "Quarantine" ], "operationId": "api.nebula.post.quarantine-action" } }, "/nebula/v1/quarantine/search": { "post": { "description": "Search all quarantined items scoped by account. It's possible to add some constraints to filter the result", "summary": "Search quarantines", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search quarantine", "properties": { "fields": { "type": "array", "title": "Specify which fields will be included in the response", "items": { "enum": [ "trace_id", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "parent_account_id", "detection_id", "correlation_hash", "scanned_at", "scanned_at_offset_seconds", "reported_at", "threat_name", "type", "path", "category", "is_rtp_stream_event", "updated_at", "cleaned_at", "parent_detection_id", "rule_id", "md5", "sha256", "online" ], "type": "string" }, "default": [ "trace_id", "scan_id", "machine_id", "account_id" ] }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "scanned_at" ], "default": "scanned_at" }, "sort_order": 
{ "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ], "default": "desc" }, "page_size": { "type": "number", "title": "The page size", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "constraints": { "type": "array", "title": "Quarantine constraints", "items": { "title": "Quarantine Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Quarantine UID String Fields", "enum": [ "id", "scan_id", "machine_id", "detection_id", "parent_detection_id" ] }, { "title": "Quarantine Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "path", "md5", "sha256", "scanned_at_offset_seconds", "trace_id", "rule_id" ] }, { "type": "string", "title": "Quarantine Enum String Fields", "enum": [ "type", "category" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", "title": "Quarantine UID String Fields", "enum": [ "id", "scan_id", "machine_id", "detection_id", "parent_detection_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Quarantine Simple String Fields", "type": "string", "enum": [ "correlation_hash", 
"threat_name", "machine_name", "path", "md5", "sha256", "scanned_at_offset_seconds", "trace_id", "rule_id" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Quarantine Boolean Fields", "enum": [ "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Quarantine Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at", "updated_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search quarantines", "description": "Search quarantines", "examples": [ { "quarantine": [ { "id": 
"d284a484-0017-4962-bc79-e855a24a64f3", "trace_id": "278b5a30-b7d4-4b85-8666-7b48fd430709_0c0cf8d6-22aa-11ea-a1b3-000c297231a7", "scan_id": "278b5a30-b7d4-4b85-8666-7b48fd430709", "machine_id": "dc41a3da-3f69-47ac-a931-5142973e9eae", "machine_name": "Alex-Win81x86-QA", "group_id": "9b40dd88-b1e6-4eb4-a009-5dc6f753ba95", "group_name": "Alex_EPR", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "account_name": "Test-Account3", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "detection_id": "0c0cf8d6-22aa-11ea-a1b3-000c297231a7", "correlation_hash": "", "scanned_at": "2019-12-19T21:52:41Z", "scanned_at_offset_seconds": 0, "reported_at": "2020-01-10T19:30:43.417539Z", "cleaned_at": "2019-12-19T21:53:58Z", "threat_name": "Trojan.MBAMTest", "type": "WyJmaWxlIl0=", "path": "C:\\Users\\osokolov\\Desktop\\Agent\\Sample Infections\\TEST-TROJAN.EXE", "category": "Malware", "is_rtp_stream_event": false, "updated_at": "2020-01-10T19:30:43.417854Z", "policy_id": "dc1510a6-8d41-4216-93e9-0c57c57e03b4", "policy_name": "alessio-tests", "online": false } ], "total_count": 1, "next_cursor": "" } ], "required": [ "quarantine", "total_count", "next_cursor" ], "properties": { "quarantine": { "type": "array", "title": "List of quarantined threats", "description": "List of quarantined threats.", "items": { "type": "object", "title": "Quarantine", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "Scan ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "trace_id": { "type": "string", "title": "Trace ID (Ex. 
\"1d15c701-0ed0-536c-baff-47472ddea30d_794597e5-2f43-4fd8-ab7a-c08219cdc06f\")", "examples": [ "1d15c701-0ed0-536c-baff-47472ddea30d_794597e5-2f43-4fd8-ab7a-c08219cdc06f" ] }, "machine_id": { "type": "string", "title": "Endpoint ID this detection belongs to (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_name": { "type": "string", "title": "Machine name" }, "group_id": { "type": "string", "title": "Group ID the endpoint has (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "group_name": { "type": "string", "title": "Group name the endpoint has" }, "policy_id": { "type": "string", "title": "The ID of the policy associated to the machine where this detection happened (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "policy_name": { "type": "string", "title": "Policy name" }, "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_name": { "type": "string", "title": "Account name" }, "parent_account_id": { "type": "string", "title": "Parent Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "Detection id from endpoint" }, "correlation_hash": { "type": "string", "title": "Correlation hash" }, "scanned_at": { "type": "string", "title": "Scanned at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Detection reported at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at": { "type": "string", "title": "Detection cleaned at time (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "updated_at": { "type": "string", "title": "Detection updated at time (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^\\d{4}-[0-1]\\d-[0-3]\\d[(t|T)\\s](?:[0-2]\\d:[0-5]\\d:[0-5]\\d|23:59:60)(?:\\.\\d+)?(?:(z|Z)|[+-]\\d{2}:\\d{2})$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "threat_name": { "type": "string", "title": "Threat name" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Items" } }, "path": { "type": "string", "title": "Path" }, "category": { "type": "string", "title": "Category" }, "md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is real-time-protection event" }, "parent_detection_id": { "type": "string", "title": "The ID of the parent detection. If there is no parent detection, it can be empty string or undefined", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "rule_id": { "type": "string", "title": "The ID of the rule triggered", "examples": [ "2403099913" ] }, "online": { "type": "boolean", "title": "The online/offline status of the endpoint (when populated/selected)" } } } }, "total_count": { "type": "integer", "title": "Total count of items", "description": "Total count of items", "examples": [ 1 ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Quarantine" ], "operationId": "api.nebula.post.quarantine-search" } }, "/nebula/v1/devicecontrol/exclusions": { "post": { "description": "Create a device exclusion.", "summary": "Create a device exclusion", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Device Exclusion response schema", "type": "object", "additionalProperties": true, "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ], "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "type": { "type": "integer", "title": "16: Device Control Exclusion", "const": 16 }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.post.device.exclusions" }, "get": { "description": "Get all device exclusions.", "summary": "Get all device exclusions", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "search_string", "required": false, "in": "query", "description": "Search with exclusion string.", "schema": { "type": "string" } }, { "name": "policy_ids", "required": false, "in": "query", "description": "Search with exclusion policy ids.", "schema": { "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Search with exclusion type", "schema": { "type": "number" } }, { "name": "since", "required": false, "in": "query", "description": "Timestamp to filter since exclusion times.", "schema": { "type": "string" } }, { "name": "until", "required": false, "in": "query", "description": "Timestamp to filter until exclusion times.", "schema": { "type": "string" } }, { "name": "sort_by", "required": false, "in": "query", "description": "Field to sort results with.", "schema": { "type": "string", "enum": [ "enabled", "value", "created_at", "updated_at", "created_by", "updated_by", "type" ] } }, { "name": "sort_order", "required": false, "in": "query", "description": "Sorting direction", "schema": { "type": "string", "enum": [ "asc", "desc" ] } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Device exclusion response schema", "type": "object", "additionalProperties": true, "properties": { "exclusions": { "type": "array", "title": "Exclusions", "items": { "title": "Device Exclusion response schema", "type": "object", "additionalProperties": true, "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] 
}, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ], "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "type": { "type": "integer", "title": "16: Device Control Exclusion", "const": 16 }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." 
}, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.get.device.exclusions" } }, "/nebula/v1/devicecontrol/exclusions/bulk": { "post": { "description": "Create device exclusions in bulk.", "summary": "Create device exclusions in bulk", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "array", "title": "Create Device Exclusion Bulk", "items": { "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against 
malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ] } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Device Exclusion response schema bulk", "type": "object", "additionalProperties": true, "properties": { "errors": { "type": "array", "title": "List of Errors", "items": { "type": "string" } }, "created": { "type": "array", "title": "Created Exclusions", "items": { "allOf": [ { "title": "Device Exclusion response schema", "type": "object", "additionalProperties": true, "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": 
"Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ], "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "type": { "type": "integer", "title": "16: Device Control Exclusion", "const": 16 }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" } } } ] } } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.post.device.exclusions.bulk" } }, "/nebula/v1/devicecontrol/exclusions/{id}": { "delete": { "description": "Delete a device exclusion.", "summary": "Delete a device exclusion", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Device Control" ], "operationId": "api.nebula.delete.device.exclusions" }, "get": { "description": "Get a device exclusion.", "summary": "Get a device exclusion", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Device Exclusion response schema", "type": "object", "additionalProperties": true, "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that 
require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." } } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ], "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "type": { "type": "integer", "title": "16: Device Control Exclusion", "const": 16 }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.get.device.exclusions.id" }, "put": { "description": "Update a device exclusion.", "summary": "Update a device exclusion", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Device Exclusion response schema", "type": "object", "additionalProperties": true, "allOf": [ { "type": "object", "title": "Create Device Exclusion", "additionalProperties": true, "required": [ "enabled", "exclude_from", "account_level" ], "properties": { "vendor": { "type": "string", "title": "Device Vendor" }, "product": { "type": "string", "title": "Product" }, "serial": { "type": "string", "title": "Device Serial Number" }, "value": { "type": "string", "title": "String value", "examples": [ "%PROGRAMDATA%" ] }, "enabled": { "type": "boolean", "title": "Enable" }, "comment": { "type": "string", "title": "Comment" }, "exclude_from": { "type": "object", "title": "Exclusion applied to", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Protects against malware infections and zero-day threats" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Detects and blocks ransomware threats using advanced behavior analysis" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Uses advanced machine learning to identify suspicious processes that require additional review" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Blocks network traffic from malicious websites and IP addresses" }, "bruteforce_protection": { "type": [ "boolean", "null" ], "title": "Bruteforce attack protection on RDP, IMAP and so on." 
} } }, "account_level": { "type": "boolean", "title": "Account level" }, "policy_ids": { "type": "array", "title": "IDs of Policies", "items": { "type": "string", "title": "ID of the Policy" } } } } ], "properties": { "id": { "type": "string", "title": "UUID of the exclusion (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "type": { "type": "integer", "title": "16: Device Control Exclusion", "const": 16 }, "created_at": { "type": "string", "title": "Created at" }, "updated_at": { "type": "string", "title": "Updated at" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.put.device.exclusions" } }, "/nebula/v1/devicecontrol/export": { "post": { "description": "Export Device Control events. You can export across multiple accounts. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. The constraints accepted are the same accepted by the search device control event route. Refer to [Search Device Control Events API](#operation/api.v2.nebula.search.devicecontrol) for more information about the constraints accepted. |\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. 
See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n## Examples\n\n### Download CSV file\n\nA request with this body sent by a browser will download a file called `nameofthefile.csv`, displaying a table with columns: `Date`, `Action Taken`, `Device`, `Machine Name` for all events with `Blocked` status, starting from `2022/02/01` within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`:\n\n```json\n\t{\n \"download\":true,\n \"format\":\"csv\",\n \"groups\":[\n {\n \"status\":\"blocked\",\n \"account_ids\":[\n \"1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34\"\n ],\n \"start_date\":\"2022-02-01T00:00:00-00:00\"\n }\n ],\n \"populate\":{\n \"account\":true,\n \"endpoint\":true,\n \"group\":true\n },\n \"select\":[\n {\n \"field\":\"scanned_at\",\n \"newField\":\"Date\"\n },\n {\n \"field\":\"status\",\n \"newField\":\"Action taken\"\n },\n {\n \"field\":\"device_control.physical_disk_name\",\n \"newField\":\"Device\"\n },\n {\n \"field\":\"machine_name\",\n \"newField\":\"Endpoint\"\n }\n ],\n \"type\":\"string\"\n}\n```\n\n\n", "summary": "Export device control events", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", 
"device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.timestamp", "device_control.drive_compressed", "action_taken", "device_control.access" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [ "account_ids" ], "title": "List of queries to fetch endpoints", "additionalProperties": true, "properties": { "account_ids": { "type": "array", "title": "List of account IDs for this query", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Device Control" ], "operationId": "api.v2.nebula.post.export.devicecontrol" } }, "/nebula/v1/devicecontrol/export/async": { "post": { "description": "Export device control events asynchronously.", "summary": "Export device control events asynchronously", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", 
"device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.timestamp", "device_control.drive_compressed", "action_taken", "device_control.access" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [ "account_ids" ], "title": "List of queries to fetch endpoints", "additionalProperties": true, "properties": { "account_ids": { "type": "array", "title": "List of account IDs for this query", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Device Control" ], "operationId": "api.v2.nebula.post.export.devicecontrol.async" } }, "/nebula/v1/devicecontrol/{id}": { "get": { "description": "Get device control event and its full information by ID.", "summary": "Get device control event by ID", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get device control event by id", "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Type items" } }, "status": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "group_id": { "type": "string", "title": "Group ID" }, "is_root_detection": { "type": "boolean", "title": "Is root detection" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "detection_id": { "type": "string", "title": "Detection ID" }, "scanned_at": { "type": "string", "title": "Scanned at" }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Reported at" }, "threat_name": { "type": "string", "title": "Threat name" }, "category": { "type": "string", "title": "Category" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is rtp stream event" }, "process_name": { "type": "string", "title": "Process name" }, "cleaned_at": { "type": "string", "title": "Cleaned at" }, "machine_name": { "type": "string", "title": "Endpoint name" }, "trace_id": { "type": "string", "title": "Trace ID" }, "scan_id": { "type": "string", "title": "Scan ID" }, "affected_application": { "type": "string", "title": "Affected application" }, "last_user": { "type": "string", "title": "Last user" }, "md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "machine_ip": { "type": "string", "title": "Machine IP address" }, "child_trace_count": { "type": "integer", "title": "Child 
trace count" }, "action_taken": { "type": "string", "title": "Action taken" }, "agent": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, 
"examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": 
"The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", 
"component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, 
"reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, { "title": "Agent information. 
Included if the request includes populate 'endpoint'" } ] }, "machine_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", 
"title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Machine location. Included if the request includes populate 'endpoint'" } ] }, "source_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": 
"number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Source location for RID category" } ] }, "destination_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], 
"properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Destination location for RID category" } ] }, "account": { "parent": { "title": "Parent account ID", "type": "string" }, "name": { "title": "Account name", "type": "string" }, "deleted": { "title": "Account deleted", "type": "boolean" }, "options": { "type": "object", "properties": { "msp": { "type": "object", "properties": { "name": { "type": "string" } } } } } }, "device_control": { "title": "Device Control. 
Included if the detection is a device control event.", "type": "object", "properties": { "timestamp": { "type": "string" }, "physical_disk_name": { "type": "string" }, "device_id": { "type": "string" }, "disk_interface": { "type": "string" }, "manufacturer": { "type": "string" }, "serial_number": { "type": "string" }, "drive_compressed": { "type": "boolean" }, "file_system": { "type": "string" }, "volume_name": { "type": "string" }, "volume_serial": { "type": "string" }, "volume_device_path": { "type": "string" }, "block_status": { "type": "string" }, "drive_metadata": { "type": "object", "additionalProperties": true }, "path": { "type": "string" }, "type": { "type": "array" }, "status": { "type": "string" }, "access": { "type": "string" } } } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.v2.nebula.get.devicecontrol.id" } }, "/nebula/v1/devicecontrol/exclusions/suggestions": { "get": { "description": "Get excludable devices.", "summary": "Get excludable devices", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "vendor", "required": false, "in": "query", "description": "Vendor", "schema": { "type": "string" } }, { "name": "product", "required": false, "in": "query", "description": "Product", "schema": { "type": "string" } }, { "name": "serial", "required": false, "in": "query", "description": "Serial number", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get devices that are excludable by account", "type": "object", "required": [ "devices", "total_count" ], "properties": { "devices": { "type": "array", "title": "Devices", "items": { "type": "object", "properties": { "vendor": { "type": "string" }, "product": { "type": "string" }, "serial": { "type": "string" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.nebula.get.device.exclusions.suggestions" } }, "/nebula/v1/devicecontrol": { "post": { "description": "Search device control events.", "summary": "Search device control events", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search device control request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "scan_type": { "type": "string", "title": "Type of the scan" }, "schedule_id": { "type": "string", "title": "ID of the schedule" }, "schedule_etag": { "type": "string", "title": "ETAG of the schedule" }, "job_id": { "type": "string", "title": "ID of the job originating this detection" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine (exact match). This 'contains' type search will look for the exact match anywhere in the field." 
}, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.endpoint_detection_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the 
search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NIC description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NIC MAC address" }, "nics.ips": { "type": "string", "format": "ipv4", "title": "Filter the search to the endpoints with specified IP address" }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified fully qualified host name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine version. 
This 'contains' type search will look for the exact match anywhere in the field." }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "machine_name.keyword": { "type": "string", "title": "The name of the machine. This 'contains' type search will look for the exact match anywhere in the field." }, "machine_name": { "type": "string", "title": "The name of the machine" }, "process_name.keyword": { "type": "string", "title": "The name of the process that originated this detection. This 'contains' type search will look for the exact match anywhere in the field." }, "process_name": { "type": "string", "title": "The name of the process that originated this detection" }, "affected_application.keyword": { "type": "string", "title": "The application affected by this detection. This 'contains' type search will look for the exact match anywhere in the field." 
}, "affected_application": { "type": "string", "title": "The application affected by this detection" }, "category": { "type": "string", "title": "The category of this detection" }, "md5": { "type": "string", "title": "The md5 hash of this detection" }, "sha256": { "type": "string", "title": "The sha256 hash of this detection" }, "path.keyword": { "type": "string", "title": "The path where this detection happened. This 'contains' type search will look for the exact match anywhere in the field." }, "path": { "type": "string", "title": "The path where this detection happened" }, "type": { "type": "string", "title": "The type of the detection" }, "threat_name.keyword": { "type": "string", "title": "The name of the threat. This 'contains' type search will look for the exact match anywhere in the field." }, "threat_name": { "type": "string", "title": "The name of the threat" }, "status": { "type": "string", "title": "The status of the detection" }, "correlation_hash": { "type": "string", "title": "The hash" }, "group_id": { "type": "string", "title": "The ID of the group to which the endpoint is assigned (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The ID of the endpoint (machine) where this detection originated (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "parent_detection_id": { "type": "string", "title": "The ID of the parent detection (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "The ID of the scan (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "trace_id": { "type": "string", "title": "The ID of the parent trace (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_after": { "type": "string", "title": "Get results generated by a scan happening after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_before": { "type": "string", "title": "Get results generated by a scan happening before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_after": { "type": "string", "title": "Get results reported after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_before": { "type": "string", "title": "Get results reported before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_after": { "type": "string", "title": "Get results cleaned after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_before": { "type": "string", "title": "Get results cleaned before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "is_root_detection": { "type": "boolean", "title": "Whether this detection is the root detection" }, "is_rtp_stream_event": { "type": "boolean", "title": "Whether this is a Real-Time Protection event" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "device_control.physical_disk_name": { "type": "string", "title": "Filter the search by device_control.physical_disk_name. Search for an exact match" }, "device_control.physical_disk_name.keyword": { "type": "string", "title": "Filter the search by device_control.physical_disk_name.keyword. Search for the matches that contain the value" }, "not.device_control.physical_disk_name": { "type": "string", "title": "Filter the search by not.device_control.physical_disk_name. Search for the matches that are not equal to the value" }, "not.device_control.physical_disk_name.keyword": { "type": "string", "title": "Filter the search by not.device_control.physical_disk_name.keyword. Search for the matches that do not contain the value" }, "device_control.pnp_device_id": { "type": "string", "title": "Filter the search by device_control.pnp_device_id. Search for an exact match" }, "device_control.pnp_device_id.keyword": { "type": "string", "title": "Filter the search by device_control.pnp_device_id.keyword. Search for the matches that contain the value" }, "not.device_control.pnp_device_id": { "type": "string", "title": "Filter the search by not.device_control.pnp_device_id. Search for the matches that are not equal to the value" }, "not.device_control.pnp_device_id.keyword": { "type": "string", "title": "Filter the search by not.device_control.pnp_device_id.keyword. 
Search for the matches that doesnt contain the value" }, "device_control.device_id": { "type": "string", "title": "Filter the search by device_control.device_id. Search for an exact match" }, "device_control.device_id.keyword": { "type": "string", "title": "Filter the search by device_control.device_id.keyword. Search for the matches that contain the value" }, "not.device_control.device_id": { "type": "string", "title": "Filter the search by not.device_control.device_id. Search for the matches that are not equal to the value" }, "not.device_control.device_id.keyword": { "type": "string", "title": "Filter the search by not.device_control.device_id.keyword. Search for the matches that doesnt contain the value" }, "device_control.disk_interface": { "type": "string", "title": "Filter the search by device_control.disk_interface. Search for an exact match" }, "device_control.disk_interface.keyword": { "type": "string", "title": "Filter the search by device_control.disk_interface.keyword. Search for the matches that contain the value" }, "not.device_control.disk_interface": { "type": "string", "title": "Filter the search by not.device_control.disk_interface. Search for the matches that are not equal to the value" }, "not.device_control.disk_interface.keyword": { "type": "string", "title": "Filter the search by not.device_control.disk_interface.keyword. Search for the matches that doesnt contain the value" }, "device_control.manufacturer": { "type": "string", "title": "Filter the search by device_control.manufacturer. Search for an exact match" }, "device_control.manufacturer.keyword": { "type": "string", "title": "Filter the search by device_control.manufacturer.keyword. Search for the matches that contain the value" }, "not.device_control.manufacturer": { "type": "string", "title": "Filter the search by not.device_control.manufacturer. 
Search for the matches that are not equal to the value" }, "not.device_control.manufacturer.keyword": { "type": "string", "title": "Filter the search by not.device_control.manufacturer.keyword. Search for the matches that doesnt contain the value" }, "device_control.serial_number": { "type": "string", "title": "Filter the search by device_control.serial_number. Search for an exact match" }, "device_control.serial_number.keyword": { "type": "string", "title": "Filter the search by device_control.serial_number.keyword. Search for the matches that contain the value" }, "not.device_control.serial_number": { "type": "string", "title": "Filter the search by not.device_control.serial_number. Search for the matches that are not equal to the value" }, "not.device_control.serial_number.keyword": { "type": "string", "title": "Filter the search by not.device_control.serial_number.keyword. Search for the matches that doesnt contain the value" }, "device_control.file_system": { "type": "string", "title": "Filter the search by device_control.file_system. Search for an exact match" }, "device_control.file_system.keyword": { "type": "string", "title": "Filter the search by device_control.file_system.keyword. Search for the matches that contain the value" }, "not.device_control.file_system": { "type": "string", "title": "Filter the search by not.device_control.file_system. Search for the matches that are not equal to the value" }, "not.device_control.file_system.keyword": { "type": "string", "title": "Filter the search by not.device_control.file_system.keyword. Search for the matches that doesnt contain the value" }, "device_control.volume_name": { "type": "string", "title": "Filter the search by device_control.volume_name. Search for an exact match" }, "device_control.volume_name.keyword": { "type": "string", "title": "Filter the search by device_control.volume_name.keyword. 
Search for the matches that contain the value" }, "not.device_control.volume_name": { "type": "string", "title": "Filter the search by not.device_control.volume_name. Search for the matches that are not equal to the value" }, "not.device_control.volume_name.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_name.keyword. Search for the matches that doesnt contain the value" }, "device_control.volume_serial": { "type": "string", "title": "Filter the search by device_control.volume_serial. Search for an exact match" }, "device_control.volume_serial.keyword": { "type": "string", "title": "Filter the search by device_control.volume_serial.keyword. Search for the matches that contain the value" }, "not.device_control.volume_serial": { "type": "string", "title": "Filter the search by not.device_control.volume_serial. Search for the matches that are not equal to the value" }, "not.device_control.volume_serial.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_serial.keyword. Search for the matches that doesnt contain the value" }, "device_control.volume_device_path": { "type": "string", "title": "Filter the search by device_control.volume_device_path. Search for an exact match" }, "device_control.volume_device_path.keyword": { "type": "string", "title": "Filter the search by device_control.volume_device_path.keyword. Search for the matches that contain the value" }, "not.device_control.volume_device_path": { "type": "string", "title": "Filter the search by not.device_control.volume_device_path. Search for the matches that are not equal to the value" }, "not.device_control.volume_device_path.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_device_path.keyword. Search for the matches that doesnt contain the value" }, "device_control.block_status": { "type": "string", "title": "Filter the search by device_control.block_status. 
Search for an exact match" }, "device_control.block_status.keyword": { "type": "string", "title": "Filter the search by device_control.block_status.keyword. Search for the matches that contain the value" }, "not.device_control.block_status": { "type": "string", "title": "Filter the search by not.device_control.block_status. Search for the matches that are not equal to the value" }, "not.device_control.block_status.keyword": { "type": "string", "title": "Filter the search by not.device_control.block_status.keyword. Search for the matches that doesnt contain the value" }, "device_control.drive_compressed": { "type": "boolean", "title": "Filter the search by device_control.drive_compressed. Search for an exact match" }, "device_control.timestamp_before": { "type": "string", "format": "date-time", "title": "Results include device control events that have been occured before the specified date" }, "device_control.timestamp_after": { "type": "string", "format": "date-time", "title": "Results include device control events that have been occured after the specified date" }, "device_control.access": { "type": "string", "title": "Access" }, "action_taken": { "type": "string", "title": "Filter the search by action_taken. Search for an exact match" }, "action_taken.keyword": { "type": "string", "title": "Filter the search by action_taken.keyword. Search for the matches that contain the value" }, "not.action_taken": { "type": "string", "title": "Filter the search by not.action_taken. Search for the matches that are not equal to the value" }, "not.action_taken.keyword": { "type": "string", "title": "Filter the search by not.action_taken.keyword. 
Search for the matches that doesnt contain the value" }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", 
"device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populate with the group data" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (agent, machine_location)" }, "scan_result": { "type": "boolean", "title": "Populate with the scan_result data" } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "aggregate_by_account": { "type": "boolean" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search detections result", "properties": { "detections": { "type": "array", "title": "Detections", "items": { "type": "object", "title": "Detection items", "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID" }, "status": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "group_id": { "type": "string", "title": "Group ID" }, "is_root_detection": { "type": "boolean", "title": "Is root detection" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "detection_id": { "type": "string", "title": "Detection ID" }, "scanned_at": { "type": "string", "title": "Scanned at" }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Reported at" }, "threat_name": { "type": "string", "title": "Threat name" }, "category": { "type": "string", "title": "Category" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is rtp stream event" }, "process_name": { "type": "string", "title": "Process name" }, "cleaned_at": { "type": "string", 
"title": "Cleaned at" }, "machine_name": { "type": "string", "title": "Endpoint name" }, "trace_id": { "type": "string", "title": "Trace ID" }, "scan_id": { "type": "string", "title": "Scan ID" }, "affected_application": { "type": "string", "title": "Affected application" }, "last_user": { "type": "string", "title": "Last user" }, "md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "machine_ip": { "type": "string", "title": "Machine IP address" }, "child_trace_count": { "type": "integer", "title": "Child trace count" }, "action_taken": { "type": "string", "title": "Action taken" }, "agent": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 
0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": 
"Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { 
"type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, 
"additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, { "title": "Agent information. 
Included if the request includes populate 'endpoint'" } ] }, "machine_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", 
"title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Machine location. Included if the request includes populate 'endpoint'" } ] }, "source_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": 
"number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Source location for RID category" } ] }, "destination_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema (ISO 3166-1 alpha-2 code)", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], 
"properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Destination location for RID category" } ] }, "account": { "parent": { "title": "Parent account ID", "type": "string" }, "name": { "title": "Account name", "type": "string" }, "deleted": { "title": "Account deleted", "type": "boolean" } }, "group": { "type": "object", "title": "The Group Schema", "additionalProperties": true }, "device_control": { "title": "Device Control. 
Included if the detection is a device control event.", "type": "object", "properties": { "timestamp": { "type": "string" }, "physical_disk_name": { "type": "string" }, "device_id": { "type": "string" }, "disk_interface": { "type": "string" }, "manufacturer": { "type": "string" }, "serial_number": { "type": "string" }, "drive_compressed": { "type": "boolean" }, "file_system": { "type": "string" }, "volume_name": { "type": "string" }, "volume_serial": { "type": "string" }, "volume_device_path": { "type": "string" }, "block_status": { "type": "string" }, "drive_metadata": { "type": "object", "additionalProperties": true }, "path": { "type": "string" }, "type": { "type": "array" }, "status": { "type": "string" }, "exclusion_id": { "type": "string" }, "access": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.v2.nebula.search.devicecontrol" } }, "/nebula/v1/devicecontrol/search-groupby": { "post": { "description": "Search device control events groupBy.", "summary": "Search device control events groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Device Control Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "additionalProperties": true, "allOf": [ { "type": "object", "title": "Search device control request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "protection_status": { "type": "string", "title": "Protection status of the endpoint(s)", "pattern": "(^$|protected|scan_only|unprotected|unknown|pending|mobile_protection)" }, "scan_type": { "type": "string", "title": "Type of the scan" }, "schedule_id": { "type": "string", "title": "ID of the schedule" }, "schedule_etag": { "type": "string", "title": "ETAG of the schedule" }, "job_id": { "type": "string", "title": "ID of the job originating this detection" }, "domain_name": { "type": "string", "title": "Filter the search to the endpoints with specified domain name" }, "engine_version": { "type": "string", "title": "Filter the search to the endpoints with specified engine version" }, "last_user": { "type": "string", "title": "Last user that logged into the machine" }, "last_user.keyword": { "type": "string", "title": "Last user that logged into the machine ('contains' match): looks for the exact value anywhere in the field." 
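The device control search request schema above (date filters with the RFC 3339 pattern, `sort_field` requiring `sort_order`, `page_size` capped at 2000, `next_cursor` paging) and the `accountid` / `authorization` headers of the search-groupby endpoint are the contract a client has to honour before the server ever sees the request. The following is an added example, not code from ThreatDown or its documentation: it validates a search body against the constraints quoted from the spec, follows `next_cursor` until the result set is exhausted, and backs off on the `429` the rate limiter returns. The regexes and enum values are copied from the spec; the endpoint path `/nebula/v1/devicecontrol/search`, the `Bearer` token scheme and the `make_fake_transport` HTTP stand-in (with its constructed detections) are assumptions so that it runs offline. One caveat it demonstrates: the spec's `accountid` pattern ends with `$` but has no leading `^`, so a `re.search` check would accept a UUID with arbitrary junk in front of it; `fullmatch` is used instead.

```python
import re
import time

# Copied from the spec: pattern on the *_after / *_before timestamp filters.
TIMESTAMP_RE = re.compile(
    r"^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):"
    r"([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([\+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))$"
)
# Copied from the spec's accountid header. It has '$' but no '^', so re.search would
# accept "junk-<uuid>"; validate with fullmatch.
ACCOUNT_ID_RE = re.compile(
    r"[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$"
)
DATE_FILTERS = {"scanned_at_after", "scanned_at_before", "reported_at_after",
                "reported_at_before", "cleaned_at_after", "cleaned_at_before"}
# Subset of the spec's sort_field enum, enough for the example.
SORT_FIELDS = {"trace_id", "scan_id", "machine_id", "detection_id", "status", "reported_at",
               "cleaned_at", "device_control.serial_number", "device_control.timestamp"}
SEARCH_PATH = "/nebula/v1/devicecontrol/search"  # assumed from the operationId


def validate_search_body(body):
    """Return the list of spec violations in a search request body (empty list means OK)."""
    errors = []
    for field in sorted(DATE_FILTERS.intersection(body)):
        if not TIMESTAMP_RE.match(str(body[field])):
            errors.append(f"{field}: not an RFC 3339 timestamp")
    if "sort_field" in body:
        if body["sort_field"] not in SORT_FIELDS:
            errors.append("sort_field: not a sortable field")
        if body.get("sort_order") not in ("asc", "desc"):
            errors.append("sort_order: required with sort_field, must be asc or desc")
    size = body.get("page_size")
    if size is not None and not (isinstance(size, int) and 0 <= size <= 2000):
        errors.append("page_size: must be an integer 0..2000")
    return errors


def valid_account_id(value):
    """Whole-string match; the spec's own regex would pass with re.search on a prefixed value."""
    return ACCOUNT_ID_RE.fullmatch(value) is not None


def search_all(transport, token, account_id, body, sleep=time.sleep, max_retries=5):
    """Follow next_cursor until exhausted, backing off with a capped exponential wait on 429."""
    if not valid_account_id(account_id):
        raise ValueError("accountid header does not look like a UUID")
    problems = validate_search_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"authorization": f"Bearer {token}", "accountid": account_id}  # Bearer scheme assumed
    results, cursor, retries = [], None, 0
    while True:
        page = dict(body, **({"next_cursor": cursor} if cursor else {}))
        status, payload = transport(SEARCH_PATH, headers, page)
        if status == 429:  # leaky bucket overflowed: wait, then resend the same page
            retries += 1
            if retries > max_retries:
                raise RuntimeError("rate limited; giving up")
            sleep(min(2 ** retries, 60))
            continue
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        retries = 0
        results.extend(payload.get("detections", []))
        cursor = payload.get("next_cursor")
        if not cursor:
            return results


# Constructed detections, shaped like the response schema above (not real data).
FAKE_PAGES = [
    [{"id": "det-1", "category": "DeviceControl",
      "device_control": {"serial_number": "ABC123", "block_status": "blocked"}}],
    [{"id": "det-2", "category": "DeviceControl",
      "device_control": {"serial_number": "ABC123", "block_status": "allowed"}}],
]


def make_fake_transport(pages, rate_limit_first=True):
    """Stand-in for the HTTP layer: serves canned pages and answers the first call with 429."""
    calls = {"n": 0, "limited": rate_limit_first}

    def transport(path, headers, body):
        calls["n"] += 1
        assert path == SEARCH_PATH and headers["accountid"] and headers["authorization"].startswith("Bearer ")
        if calls["limited"]:
            calls["limited"] = False
            return 429, {}
        idx = int(body.get("next_cursor") or 0)
        nxt = str(idx + 1) if idx + 1 < len(pages) else None
        return 200, {"detections": pages[idx], "total_count": sum(map(len, pages)), "next_cursor": nxt}

    transport.calls = calls
    return transport


if __name__ == "__main__":
    t = make_fake_transport(FAKE_PAGES)
    found = search_all(t, "token", "9256034b-7967-4253-a5d9-260663e4fa4f",
                       {"page_size": 1, "device_control.serial_number": "ABC123"}, sleep=lambda s: None)
    print(len(found), "detections in", t.calls["n"], "requests")
```

Swapping `make_fake_transport` for a real HTTP call is the only change needed to run this against the API; the validation and paging logic stays the same. Keep `page_size` small enough that a full walk stays under the 360 requests per minute quota, or subscribe to webhooks instead of polling, as the introduction recommends.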
}, "plugins.siem.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by the SIEM plugin" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified SIEM plugin version" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified Browser Phishing Protection plugin version" }, "plugins.incident_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by IR plugin" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified IR plugin version" }, "plugins.endpoint_detection_response.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EDR plugin" }, "plugins.endpoint_detection_response.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EDR plugin version" }, "plugins.endpoint_protection.reboot_reason": { "type": "string", "title": "Filter the search to the endpoints with specified reboot reason, as reported by EP plugin" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP update package version" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP component package version" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP SDK version" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified EP plugin version" }, "plugins.asset_manager.reboot_reason": { "type": "string", "title": "Filter the 
search to the endpoints with specified reboot reason, as reported by asset manager plugin" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search to the endpoints with specified asset manager plugin version" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search to the endpoints with specified, fully qualified host name" }, "host_name": { "type": "string", "title": "Filter the search to the endpoints with specified host name" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search to the endpoints with specified release name of OS" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search to the endpoints with specified OS architecture" }, "os_info.os_platform": { "type": "string", "title": "Filter the search to the endpoints with specified OS" }, "os_info.os_version": { "type": "string", "title": "Filter the search to the endpoints with specified OS version" }, "os_info.os_type": { "type": "string", "title": "Filter the search to the endpoints with specified OS type" }, "nics.description": { "type": "string", "title": "Filter the search to the endpoints with specified NICS description" }, "nics.mac_address": { "type": "string", "title": "Filter the search to the endpoints with specified NICS MAC address" }, "nics.ips": { "type": "string", "format": "ipv4", "title": "Filter the search to the endpoints with specified ips" }, "host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search to the endpoints that have the specified, fully_qualified_host's name. This 'contains' type search will look for the exact match anywhere in the field." }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine version. 
This 'contains' type search will look for the exact match anywhere in the field." }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain name. This 'contains' type search will look for the exact match anywhere in the field." }, "at_after": { "type": "string", "title": "At after cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "at_before": { "type": "string", "title": "At before cursor (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "machine_name.keyword": { "type": "string", "title": "The name of the machine. This 'contains' type search will look for the exact match anywhere in the field." }, "machine_name": { "type": "string", "title": "The name of the machine" }, "process_name.keyword": { "type": "string", "title": "The name of the process that originated this detection. This 'contains' type search will look for the exact match anywhere in the field." }, "process_name": { "type": "string", "title": "The name of the process that originated this detection" }, "affected_application.keyword": { "type": "string", "title": "The application affected by this detection. This 'contains' type search will look for the exact match anywhere in the field." 
}, "affected_application": { "type": "string", "title": "The application affected by this detection" }, "category": { "type": "string", "title": "The category of this detection" }, "md5": { "type": "string", "title": "The md5 hash of this detection" }, "sha256": { "type": "string", "title": "The sha256 hash of this detection" }, "path.keyword": { "type": "string", "title": "The path where this detection happened. This 'contains' type search will look for the exact match anywhere in the field." }, "path": { "type": "string", "title": "The path where this detection happened" }, "type": { "type": "string", "title": "The type of the detection" }, "threat_name.keyword": { "type": "string", "title": "The name of the threat. This 'contains' type search will look for the exact match anywhere in the field." }, "threat_name": { "type": "string", "title": "The name of the threat" }, "status": { "type": "string", "title": "The status of the detection" }, "correlation_hash": { "type": "string", "title": "The hash" }, "group_id": { "type": "string", "title": "The ID of the group to which the endpoint is assigned (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "machine_id": { "type": "string", "title": "The ID of the endpoint (machine) where this detection originated (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "detection_id": { "type": "string", "title": "The ID of the detection (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "parent_detection_id": { "type": "string", "title": "The ID of the parent detection (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "scan_id": { "type": "string", "title": "The ID of the scan (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "trace_id": { "type": "string", "title": "The ID of the parent trace (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_after": { "type": "string", "title": "Get results generated by a scan happening after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "scanned_at_before": { "type": "string", "title": "Get results generated by a scan happening before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_after": { "type": "string", "title": "Get results reported after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "reported_at_before": { "type": "string", "title": "Get results reported before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_after": { "type": "string", "title": "Get results cleaned after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "cleaned_at_before": { "type": "string", "title": "Get results cleaned before this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "is_root_detection": { "type": "boolean", "title": "Whether this detection is the root detection" }, "is_rtp_stream_event": { "type": "boolean", "title": "Whether this is a Real-Time Protection event" }, "object_guid": { "type": "string", "title": "object_guid filter" }, "device_control.physical_disk_name": { "type": "string", "title": "Filter the search by device_control.physical_disk_name. Search for an exact match" }, "device_control.physical_disk_name.keyword": { "type": "string", "title": "Filter the search by device_control.physical_disk_name.keyword. Search for the matches that contain the value" }, "not.device_control.physical_disk_name": { "type": "string", "title": "Filter the search by not.device_control.physical_disk_name. Search for the matches that are not equal to the value" }, "not.device_control.physical_disk_name.keyword": { "type": "string", "title": "Filter the search by not.device_control.physical_disk_name.keyword. Search for the matches that do not contain the value" }, "device_control.pnp_device_id": { "type": "string", "title": "Filter the search by device_control.pnp_device_id. Search for an exact match" }, "device_control.pnp_device_id.keyword": { "type": "string", "title": "Filter the search by device_control.pnp_device_id.keyword. Search for the matches that contain the value" }, "not.device_control.pnp_device_id": { "type": "string", "title": "Filter the search by not.device_control.pnp_device_id. Search for the matches that are not equal to the value" }, "not.device_control.pnp_device_id.keyword": { "type": "string", "title": "Filter the search by not.device_control.pnp_device_id.keyword. 
Search for the matches that do not contain the value" }, "device_control.device_id": { "type": "string", "title": "Filter the search by device_control.device_id. Search for an exact match" }, "device_control.device_id.keyword": { "type": "string", "title": "Filter the search by device_control.device_id.keyword. Search for the matches that contain the value" }, "not.device_control.device_id": { "type": "string", "title": "Filter the search by not.device_control.device_id. Search for the matches that are not equal to the value" }, "not.device_control.device_id.keyword": { "type": "string", "title": "Filter the search by not.device_control.device_id.keyword. Search for the matches that do not contain the value" }, "device_control.disk_interface": { "type": "string", "title": "Filter the search by device_control.disk_interface. Search for an exact match" }, "device_control.disk_interface.keyword": { "type": "string", "title": "Filter the search by device_control.disk_interface.keyword. Search for the matches that contain the value" }, "not.device_control.disk_interface": { "type": "string", "title": "Filter the search by not.device_control.disk_interface. Search for the matches that are not equal to the value" }, "not.device_control.disk_interface.keyword": { "type": "string", "title": "Filter the search by not.device_control.disk_interface.keyword. Search for the matches that do not contain the value" }, "device_control.manufacturer": { "type": "string", "title": "Filter the search by device_control.manufacturer. Search for an exact match" }, "device_control.manufacturer.keyword": { "type": "string", "title": "Filter the search by device_control.manufacturer.keyword. Search for the matches that contain the value" }, "not.device_control.manufacturer": { "type": "string", "title": "Filter the search by not.device_control.manufacturer. 
Search for the matches that are not equal to the value" }, "not.device_control.manufacturer.keyword": { "type": "string", "title": "Filter the search by not.device_control.manufacturer.keyword. Search for the matches that do not contain the value" }, "device_control.serial_number": { "type": "string", "title": "Filter the search by device_control.serial_number. Search for an exact match" }, "device_control.serial_number.keyword": { "type": "string", "title": "Filter the search by device_control.serial_number.keyword. Search for the matches that contain the value" }, "not.device_control.serial_number": { "type": "string", "title": "Filter the search by not.device_control.serial_number. Search for the matches that are not equal to the value" }, "not.device_control.serial_number.keyword": { "type": "string", "title": "Filter the search by not.device_control.serial_number.keyword. Search for the matches that do not contain the value" }, "device_control.file_system": { "type": "string", "title": "Filter the search by device_control.file_system. Search for an exact match" }, "device_control.file_system.keyword": { "type": "string", "title": "Filter the search by device_control.file_system.keyword. Search for the matches that contain the value" }, "not.device_control.file_system": { "type": "string", "title": "Filter the search by not.device_control.file_system. Search for the matches that are not equal to the value" }, "not.device_control.file_system.keyword": { "type": "string", "title": "Filter the search by not.device_control.file_system.keyword. Search for the matches that do not contain the value" }, "device_control.volume_name": { "type": "string", "title": "Filter the search by device_control.volume_name. Search for an exact match" }, "device_control.volume_name.keyword": { "type": "string", "title": "Filter the search by device_control.volume_name.keyword. 
Search for the matches that contain the value" }, "not.device_control.volume_name": { "type": "string", "title": "Filter the search by not.device_control.volume_name. Search for the matches that are not equal to the value" }, "not.device_control.volume_name.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_name.keyword. Search for the matches that do not contain the value" }, "device_control.volume_serial": { "type": "string", "title": "Filter the search by device_control.volume_serial. Search for an exact match" }, "device_control.volume_serial.keyword": { "type": "string", "title": "Filter the search by device_control.volume_serial.keyword. Search for the matches that contain the value" }, "not.device_control.volume_serial": { "type": "string", "title": "Filter the search by not.device_control.volume_serial. Search for the matches that are not equal to the value" }, "not.device_control.volume_serial.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_serial.keyword. Search for the matches that do not contain the value" }, "device_control.volume_device_path": { "type": "string", "title": "Filter the search by device_control.volume_device_path. Search for an exact match" }, "device_control.volume_device_path.keyword": { "type": "string", "title": "Filter the search by device_control.volume_device_path.keyword. Search for the matches that contain the value" }, "not.device_control.volume_device_path": { "type": "string", "title": "Filter the search by not.device_control.volume_device_path. Search for the matches that are not equal to the value" }, "not.device_control.volume_device_path.keyword": { "type": "string", "title": "Filter the search by not.device_control.volume_device_path.keyword. Search for the matches that do not contain the value" }, "device_control.block_status": { "type": "string", "title": "Filter the search by device_control.block_status. 
Search for an exact match" }, "device_control.block_status.keyword": { "type": "string", "title": "Filter the search by device_control.block_status.keyword. Search for the matches that contain the value" }, "not.device_control.block_status": { "type": "string", "title": "Filter the search by not.device_control.block_status. Search for the matches that are not equal to the value" }, "not.device_control.block_status.keyword": { "type": "string", "title": "Filter the search by not.device_control.block_status.keyword. Search for the matches that do not contain the value" }, "device_control.drive_compressed": { "type": "boolean", "title": "Filter the search by device_control.drive_compressed. Search for an exact match" }, "device_control.timestamp_before": { "type": "string", "format": "date-time", "title": "Results include only device control events that occurred before the specified date" }, "device_control.timestamp_after": { "type": "string", "format": "date-time", "title": "Results include only device control events that occurred after the specified date" }, "device_control.access": { "type": "string", "title": "Filter the search by device_control.access" }, "action_taken": { "type": "string", "title": "Filter the search by action_taken. Search for an exact match" }, "action_taken.keyword": { "type": "string", "title": "Filter the search by action_taken.keyword. Search for the matches that contain the value" }, "not.action_taken": { "type": "string", "title": "Filter the search by not.action_taken. Search for the matches that are not equal to the value" }, "not.action_taken.keyword": { "type": "string", "title": "Filter the search by not.action_taken.keyword. 
Search for the matches that do not contain the value" }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", 
"device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populate with the group data" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (agent, machine_location)" }, "scan_result": { "type": "boolean", "title": "Populate with the scan_result data" } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "aggregate_by_account": { "type": "boolean" } } } ], "properties": { "group_by": { "type": "string", "title": "The group_by field Schema", "enum": [ "account_id", "group_id", "machine_id", "type", "status", "category", "affected_application.keyword", "threat_name.keyword", "process_name.keyword", "action_taken", "os_info.os_type", "os_info.os_platform", "object_guid", "device_control.serial_number", "device_control.physical_disk_name", "device_control.manufacturer", "device_control.volume_serial", "device_control.volume_name" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The Next_cursor Schema" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Device Control Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": "string", "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "name": { "type": "string", "title": "The Name Schema" }, "tags": { "type": 
"object", "additionalProperties": true, "title": "The Tags Schema" }, "account_name": { "type": "string", "title": "The Account name Schema" } } } }, "next_cursor": { "type": "string", "title": "The Next_cursor Schema" } } } } } } }, "tags": [ "Device Control" ], "operationId": "api.v2.nebula.search.devicecontrol.group" } }, "/nebula/v1/rid/rules/export": { "post": { "description": "Export RID rules", "summary": "Export RID rules", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file format", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [], "title": "Query to fetch RID rules", "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search rid rules request. 
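Added example (not ThreatDown's own client code): a small Python client for the device control search-groupby endpoint defined above. It enforces the request schema's stated constraints before sending anything (the group_by enum, page_size between 50 and 2000, sort_field only together with sort_order), sends the authorization and accountid headers, follows next_cursor until the server returns an empty one, and retries the same body when the rate limiter answers 429. Assumptions that the spec excerpt does not state: the API base URL (a placeholder here), the Bearer form of the authorization header, and that 429 responses carry no Retry-After header (so the client paces itself). The sample pages, the manufacturer values and the block_status filter value are constructed so the example runs offline against an in-memory stand-in for the API.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"  # assumption: the real API host is not in this excerpt
SEARCH_GROUPBY = "/nebula/v1/devicecontrol/search-groupby"
GROUP_BY_FIELDS = {  # group_by enum from the request schema
    "account_id", "group_id", "machine_id", "type", "status", "category",
    "affected_application.keyword", "threat_name.keyword", "process_name.keyword",
    "action_taken", "os_info.os_type", "os_info.os_platform", "object_guid",
    "device_control.serial_number", "device_control.physical_disk_name",
    "device_control.manufacturer", "device_control.volume_serial", "device_control.volume_name",
}

def build_request(group_by, page_size=100, filters=None, sort_field=None, sort_order=None, next_cursor=None):
    """Assemble a request body, enforcing the schema's constraints before anything leaves the host."""
    if group_by not in GROUP_BY_FIELDS:
        raise ValueError(f"group_by {group_by!r} is not an allowed field")
    if not 50 <= page_size <= 2000:
        raise ValueError("search-groupby page_size must be between 50 and 2000")
    if (sort_field is None) != (sort_order is None):
        raise ValueError("sort_field and sort_order must be supplied together")
    body = dict(filters or {})  # constraint fields, e.g. {"device_control.block_status": "..."}
    body.update(group_by=group_by, page_size=page_size)
    if sort_field is not None:
        body.update(sort_field=sort_field, sort_order=sort_order)
    if next_cursor:
        body["next_cursor"] = next_cursor
    return body

def urllib_transport(url, headers, payload):
    """Real transport: POST JSON, return (status, body bytes). Swap in the fake below for tests."""
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def post_with_backoff(transport, path, token, account_id, body, max_retries=5, sleep=time.sleep):
    """POST once; on 429 (leaky-bucket quota exceeded) back off exponentially and retry the same body."""
    headers = {"authorization": f"Bearer {token}",  # assumption: bearer scheme for the OAuth2 token
               "accountid": account_id, "content-type": "application/json"}
    payload = json.dumps(body).encode()
    for attempt in range(max_retries + 1):
        status, raw = transport(BASE_URL + path, headers, payload)
        if status == 429 and attempt < max_retries:
            sleep(min(2 ** attempt, 30))  # no Retry-After is documented, so pace ourselves
            continue
        if status != 200:
            raise RuntimeError(f"{path} returned HTTP {status}: {raw[:200]!r}")
        return json.loads(raw)

def iter_groups(transport, token, account_id, group_by, sleep=time.sleep, **kwargs):
    """Yield every {value, total, ...} item, following next_cursor until it comes back empty."""
    cursor, seen = None, set()
    while True:
        body = build_request(group_by, next_cursor=cursor, **kwargs)
        page = post_with_backoff(transport, SEARCH_GROUPBY, token, account_id, body, sleep=sleep)
        yield from page.get("results", [])
        cursor = page.get("next_cursor") or None
        if cursor is None or cursor in seen:  # stop on an empty cursor or a server that loops one
            return
        seen.add(cursor)

# Constructed sample responses (not real data), keyed by the cursor the client sends ("" = first page).
SAMPLE_PAGES = {
    "": {"results": [{"value": "SanDisk", "total": 12}, {"value": "Kingston", "total": 5}],
         "next_cursor": "eyJzdGFydF9pbmRleCI6MTAwfQ=="},
    "eyJzdGFydF9pbmRleCI6MTAwfQ==": {"results": [{"value": "Generic", "total": 1}], "next_cursor": ""},
}

def make_fake_transport(pages=SAMPLE_PAGES, rate_limit_first=True):
    """In-memory stand-in for the API: answers 429 to the first call, then serves SAMPLE_PAGES."""
    calls = []
    def transport(url, headers, payload):
        calls.append(json.loads(payload))
        if rate_limit_first and len(calls) == 1:
            return 429, b'{"message": "rate limit exceeded"}'
        return 200, json.dumps(pages[calls[-1].get("next_cursor", "")]).encode()
    transport.calls = calls
    return transport

def demo():
    """Group blocked device-control events by manufacturer; returns (items, requests the fake saw)."""
    transport = make_fake_transport()
    items = list(iter_groups(transport, "TOKEN", "9256034b-7967-4253-a5d9-260663e4fa4f",
                             "device_control.manufacturer", sleep=lambda s: None, page_size=50,
                             filters={"device_control.block_status": "blocked"}))  # value constructed
    return items, transport.calls
```

To run against the real service, pass urllib_transport instead of make_fake_transport() and a token obtained with the client credentials described in the Authentication section; nothing else changes, so the validation and paging logic is exercised identically by the fake and by the live API. Keep page_size at 50 or above for this endpoint: the shared search schema allows 0 for aggregation-only queries, but the allOf merge means the group-by schema's minimum of 50 also applies.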
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "nics.mac_address": { "type": "string", "title": "Filter the search by nics.mac_address. Search for the documents that contain the value" }, "not.nics.mac_address": { "type": "string", "title": "Filter the search by not.nics.mac_address. Search for the documents that do not contain the value" }, "nics.mac_address.keyword": { "type": "string", "title": "Filter the search by nics.mac_address.keyword. Search for the documents that equal the value" }, "not.nics.mac_address.keyword": { "type": "string", "title": "Filter the search by not.nics.mac_address.keyword. Search for the documents that are not equal to the value" }, "nics.description": { "type": "string", "title": "Filter the search by nics.description. Search for the documents that contain the value" }, "not.nics.description": { "type": "string", "title": "Filter the search by not.nics.description. Search for the documents that do not contain the value" }, "nics.description.keyword": { "type": "string", "title": "Filter the search by nics.description.keyword. Search for the documents that equal the value" }, "not.nics.description.keyword": { "type": "string", "title": "Filter the search by not.nics.description.keyword. Search for the documents that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the documents that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the documents that do not contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the documents that equal the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. 
Search for the documents that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the documents that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the documents that do not contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the documents that equal the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the documents that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the documents that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the documents that do not contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the documents that equal the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the documents that are not equal to the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the documents that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the documents that do not contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the documents that equal the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. 
Search for the documents that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the documents that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the documents that do not contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the documents that equal the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the documents that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the documents that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the documents that do not contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the documents that equal the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the documents that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the documents that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the documents that do not contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the documents that equal the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. 
Search for the documents that are not equal to the value" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version. Search for the documents that contains the value" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version. Search for the documents that does not contain the value" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version. 
Search for the documents that does not contain the value" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version.keyword. 
Search for the documents that equals the value" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons.keyword. 
Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons.keyword. 
Search for the documents that are not equal to the value" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version. Search for the documents that contains the value" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version. Search for the documents that contains the value" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version. 
Search for the documents that does not contain the value" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version. Search for the documents that does not contain the value" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons.keyword. 
Search for the documents that are not equal to the value" }, "engine_version": { "type": "string", "title": "Filter the search by engine_version. Search for the documents that equal the value" }, "not.engine_version": { "type": "string", "title": "Filter the search by not.engine_version. Search for the documents that does not equal the value" }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine_version.keyword. Search for the documents that equals the value" }, "not.engine_version.keyword": { "type": "string", "title": "Filter the search by not.engine_version.keyword. Search for the documents that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the documents that contains the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the documents that does not contain the value" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the documents that equals the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the documents that are not equal to the value" }, "policy_etag": { "type": "string", "title": "Filter the search by policy_etag. Search for the documents that contains the value" }, "not.policy_etag": { "type": "string", "title": "Filter the search by not.policy_etag. Search for the documents that does not contain the value" }, "policy_etag.keyword": { "type": "string", "title": "Filter the search by policy_etag.keyword. Search for the documents that equals the value" }, "not.policy_etag.keyword": { "type": "string", "title": "Filter the search by not.policy_etag.keyword. Search for the documents that are not equal to the value" }, "last_user": { "type": "string", "title": "Filter the search by last_user. 
Search for the documents that contains the value" }, "not.last_user": { "type": "string", "title": "Filter the search by not.last_user. Search for the documents that does not contain the value" }, "last_user.keyword": { "type": "string", "title": "Filter the search by last_user.keyword. Search for the documents that equals the value" }, "not.last_user.keyword": { "type": "string", "title": "Filter the search by not.last_user.keyword. Search for the documents that are not equal to the value" }, "id": { "type": "string", "title": "Filter the search by id. Search for the documents that contains the value" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the documents that does not contain the value" }, "id.keyword": { "type": "string", "title": "Filter the search by id.keyword. Search for the documents that equals the value" }, "not.id.keyword": { "type": "string", "title": "Filter the search by not.id.keyword. Search for the documents that are not equal to the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for the documents that contains the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the documents that does not contain the value" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the documents that equals the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the documents that are not equal to the value" }, "origin_id": { "type": "string", "title": "Filter the search by origin_id. Search for the documents that contains the value" }, "not.origin_id": { "type": "string", "title": "Filter the search by not.origin_id. Search for the documents that does not contain the value" }, "origin_id.keyword": { "type": "string", "title": "Filter the search by origin_id.keyword. 
Search for the documents that equals the value" }, "not.origin_id.keyword": { "type": "string", "title": "Filter the search by not.origin_id.keyword. Search for the documents that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the documents that contains the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the documents that does not contain the value" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the documents that equals the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the documents that are not equal to the value" }, "group_ids": { "type": "array", "title": "Filter the search by group_ids. Search for the documents that contains the value", "items": { "type": "string" } }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for the documents that contains the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the documents that does not contain the value" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the documents that equals the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the documents that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the documents that contains the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the documents that does not contain the value" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. 
Search for the documents that equals the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the documents that are not equal to the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for the documents that contains the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the documents that does not contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the documents that equals the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the documents that are not equal to the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for the documents that contains the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the documents that does not contain the value" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the documents that equals the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the documents that are not equal to the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for the documents that contains the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the documents that does not contain the value" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the documents that equals the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. 
Search for the documents that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the documents that contains the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the documents that does not contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the documents that equals the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the documents that are not equal to the value" }, "protocol": { "type": "string", "title": "Filter the search by protocol. Search for the documents that contains the value" }, "not.protocol": { "type": "string", "title": "Filter the search by not.protocol. Search for the documents that does not contain the value" }, "protocol.keyword": { "type": "string", "title": "Filter the search by protocol.keyword. Search for the documents that equals the value" }, "not.protocol.keyword": { "type": "string", "title": "Filter the search by not.protocol.keyword. Search for the documents that are not equal to the value" }, "attack_user": { "type": "string", "title": "Filter the search by attack_user. Search for the documents that contains the value" }, "not.attack_user": { "type": "string", "title": "Filter the search by not.attack_user. Search for the documents that does not contain the value" }, "attack_user.keyword": { "type": "string", "title": "Filter the search by attack_user.keyword. Search for the documents that equals the value" }, "not.attack_user.keyword": { "type": "string", "title": "Filter the search by not.attack_user.keyword. Search for the documents that are not equal to the value" }, "machine_name": { "type": "string", "title": "Filter the search by machine_name. 
Search for the documents that contains the value" }, "not.machine_name": { "type": "string", "title": "Filter the search by not.machine_name. Search for the documents that does not contain the value" }, "machine_name.keyword": { "type": "string", "title": "Filter the search by machine_name.keyword. Search for the documents that equals the value" }, "not.machine_name.keyword": { "type": "string", "title": "Filter the search by not.machine_name.keyword. Search for the documents that are not equal to the value" }, "ip": { "type": "string", "title": "Filter the search by the source ip. Search for the documents that match the value" }, "not.ip": { "type": "string", "title": "Filter the search by the source not.ip. Search for the documents that does not match the value" }, "machine_ip": { "type": "string", "title": "Filter the search by the destination machine_ip. Search for the documents that match the value" }, "not.machine_ip": { "type": "string", "title": "Filter the search by the destination not.machine_ip. Search for the documents that does not match the value" }, "deleted": { "type": "boolean", "title": "Filter the search by deleted. Search for the documents that have been deleted" }, "create_time_before": { "type": "string", "title": "Filter the search by create_time_before. Search for the documents that occurs before the value" }, "create_time_after": { "type": "string", "title": "Filter the search by create_time_after. Search for the documents that occurs after the value" }, "expire_time_before": { "type": "string", "title": "Filter the search by expire_time_before. Search for the documents that occurs before the value" }, "expire_time_after": { "type": "string", "title": "Filter the search by expire_time_after. Search for the documents that occurs after the value" }, "port_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lt. 
Search for the documents that are less than the value" }, "port_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lte. Search for the documents that are less than the value" }, "port_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gt. Search for the documents that are greater than the value" }, "port_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gte. Search for the documents that are greater than the value" }, "attempts_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lt. Search for the documents that are less than the value" }, "attempts_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lte. Search for the documents that are less than the value" }, "attempts_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gt. Search for the documents that are greater than the value" }, "attempts_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gte. Search for the documents that are greater than the value" }, "duration_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lt. Search for the documents that are less than the value" }, "duration_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lte. Search for the documents that are less than the value" }, "duration_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gt. Search for the documents that are greater than the value" }, "duration_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gte. 
Search for the documents that are greater than the value" }, "source_location.city": { "type": "string", "title": "Filter the search by source_location.city. Search for the documents that contains the value" }, "not.source_location.city": { "type": "string", "title": "Filter the search by not.source_location.city. Search for the documents that does not contain the value" }, "source_location.city.keyword": { "type": "string", "title": "Filter the search by source_location.city.keyword. Search for the documents that equals the value" }, "not.source_location.city.keyword": { "type": "string", "title": "Filter the search by not.source_location.city.keyword. Search for the documents that are not equal to the value" }, "source_location.country": { "type": "string", "title": "Filter the search by source_location.country. Search for the documents that contains the value" }, "not.source_location.country": { "type": "string", "title": "Filter the search by not.source_location.country. Search for the documents that does not contain the value" }, "source_location.country.keyword": { "type": "string", "title": "Filter the search by source_location.country.keyword. Search for the documents that equals the value" }, "not.source_location.country.keyword": { "type": "string", "title": "Filter the search by not.source_location.country.keyword. Search for the documents that are not equal to the value" }, "source_location.country_iso": { "type": "string", "title": "Filter the search by source_location.country_iso. Search for the documents that contains the value" }, "not.source_location.country_iso": { "type": "string", "title": "Filter the search by not.source_location.country_iso. Search for the documents that does not contain the value" }, "source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by source_location.country_iso.keyword. 
Search for the documents that equals the value" }, "not.source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.source_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "source_location.continent": { "type": "string", "title": "Filter the search by source_location.continent. Search for the documents that contains the value" }, "not.source_location.continent": { "type": "string", "title": "Filter the search by not.source_location.continent. Search for the documents that does not contain the value" }, "source_location.continent.keyword": { "type": "string", "title": "Filter the search by source_location.continent.keyword. Search for the documents that equals the value" }, "not.source_location.continent.keyword": { "type": "string", "title": "Filter the search by not.source_location.continent.keyword. Search for the documents that are not equal to the value" }, "source_location.time_zone": { "type": "string", "title": "Filter the search by source_location.time_zone. Search for the documents that contains the value" }, "not.source_location.time_zone": { "type": "string", "title": "Filter the search by not.source_location.time_zone. Search for the documents that does not contain the value" }, "source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by source_location.time_zone.keyword. Search for the documents that equals the value" }, "not.source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.source_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "source_location.postal_code": { "type": "string", "title": "Filter the search by source_location.postal_code. Search for the documents that contains the value" }, "not.source_location.postal_code": { "type": "string", "title": "Filter the search by not.source_location.postal_code. 
Search for the documents that does not contain the value" }, "source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by source_location.postal_code.keyword. Search for the documents that equals the value" }, "not.source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.source_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "source_location.subdivisions": { "type": "string", "title": "Filter the search by source_location.subdivisions. Search for the documents that contains the value" }, "not.source_location.subdivisions": { "type": "string", "title": "Filter the search by not.source_location.subdivisions. Search for the documents that does not contain the value" }, "source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by source_location.subdivisions.keyword. Search for the documents that equals the value" }, "not.source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.source_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "destination_location.city": { "type": "string", "title": "Filter the search by destination_location.city. Search for the documents that contains the value" }, "not.destination_location.city": { "type": "string", "title": "Filter the search by not.destination_location.city. Search for the documents that does not contain the value" }, "destination_location.city.keyword": { "type": "string", "title": "Filter the search by destination_location.city.keyword. Search for the documents that equals the value" }, "not.destination_location.city.keyword": { "type": "string", "title": "Filter the search by not.destination_location.city.keyword. Search for the documents that are not equal to the value" }, "destination_location.country": { "type": "string", "title": "Filter the search by destination_location.country. 
Search for the documents that contains the value" }, "not.destination_location.country": { "type": "string", "title": "Filter the search by not.destination_location.country. Search for the documents that does not contain the value" }, "destination_location.country.keyword": { "type": "string", "title": "Filter the search by destination_location.country.keyword. Search for the documents that equals the value" }, "not.destination_location.country.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country.keyword. Search for the documents that are not equal to the value" }, "destination_location.country_iso": { "type": "string", "title": "Filter the search by destination_location.country_iso. Search for the documents that contains the value" }, "not.destination_location.country_iso": { "type": "string", "title": "Filter the search by not.destination_location.country_iso. Search for the documents that does not contain the value" }, "destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by destination_location.country_iso.keyword. Search for the documents that equals the value" }, "not.destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "destination_location.continent": { "type": "string", "title": "Filter the search by destination_location.continent. Search for the documents that contains the value" }, "not.destination_location.continent": { "type": "string", "title": "Filter the search by not.destination_location.continent. Search for the documents that does not contain the value" }, "destination_location.continent.keyword": { "type": "string", "title": "Filter the search by destination_location.continent.keyword. 
Search for the documents that equals the value" }, "not.destination_location.continent.keyword": { "type": "string", "title": "Filter the search by not.destination_location.continent.keyword. Search for the documents that are not equal to the value" }, "destination_location.time_zone": { "type": "string", "title": "Filter the search by destination_location.time_zone. Search for the documents that contains the value" }, "not.destination_location.time_zone": { "type": "string", "title": "Filter the search by not.destination_location.time_zone. Search for the documents that does not contain the value" }, "destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by destination_location.time_zone.keyword. Search for the documents that equals the value" }, "not.destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.destination_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "destination_location.postal_code": { "type": "string", "title": "Filter the search by destination_location.postal_code. Search for the documents that contains the value" }, "not.destination_location.postal_code": { "type": "string", "title": "Filter the search by not.destination_location.postal_code. Search for the documents that does not contain the value" }, "destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by destination_location.postal_code.keyword. Search for the documents that equals the value" }, "not.destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.destination_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "destination_location.subdivisions": { "type": "string", "title": "Filter the search by destination_location.subdivisions. 
Search for the documents that contains the value" }, "not.destination_location.subdivisions": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions. Search for the documents that does not contain the value" }, "destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by destination_location.subdivisions.keyword. Search for the documents that equals the value" }, "not.destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "default": "expire_time", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", 
"engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "is_software_update_available", "origin_id", 
"machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Remote Intrusion Detection" ], "operationId": "api.v2.nebula.post.export.rid" } }, "/nebula/v1/rid/rules/export/async": { "post": { "description": "Export RID rules", "summary": "Export RID rules asynchronously", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "required": [], "title": "Query to fetch endpoints", "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search rid rules request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "nics.mac_address": { "type": "string", "title": "Filter the search by nics.mac_address. Search for the documents that contains the value" }, "not.nics.mac_address": { "type": "string", "title": "Filter the search by not.nics.mac_address. Search for the documents that does not contain the value" }, "nics.mac_address.keyword": { "type": "string", "title": "Filter the search by nics.mac_address.keyword. Search for the documents that equals the value" }, "not.nics.mac_address.keyword": { "type": "string", "title": "Filter the search by not.nics.mac_address.keyword. Search for the documents that are not equal to the value" }, "nics.description": { "type": "string", "title": "Filter the search by nics.description. Search for the documents that contains the value" }, "not.nics.description": { "type": "string", "title": "Filter the search by not.nics.description. Search for the documents that does not contain the value" }, "nics.description.keyword": { "type": "string", "title": "Filter the search by nics.description.keyword. 
Search for the documents that equals the value" }, "not.nics.description.keyword": { "type": "string", "title": "Filter the search by not.nics.description.keyword. Search for the documents that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the documents that contains the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the documents that does not contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the documents that equals the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the documents that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the documents that contains the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the documents that does not contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the documents that equals the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the documents that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the documents that contains the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the documents that does not contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. 
Search for the documents that equals the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the documents that are not equal to the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the documents that contains the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the documents that does not contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the documents that equals the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the documents that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the documents that contains the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the documents that does not contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the documents that equals the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the documents that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the documents that contains the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the documents that does not contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. 
Search for the documents that equals the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the documents that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the documents that contains the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the documents that does not contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the documents that equals the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version. Search for the documents that contains the value" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version. Search for the documents that does not contain the value" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons. 
Search for the documents that contains the value" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version. 
Search for the documents that does not contain the value" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version. 
Search for the documents that does not contain the value" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version.keyword. 
Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version. Search for the documents that contains the value" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version.keyword. 
Search for the documents that are not equal to the value" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version. Search for the documents that contains the value" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version. Search for the documents that does not contain the value" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version. 
Search for the documents that does not contain the value" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "engine_version": { "type": "string", "title": "Filter the search by engine_version. Search for the documents that equal the value" }, "not.engine_version": { "type": "string", "title": "Filter the search by not.engine_version. Search for the documents that does not equal the value" }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine_version.keyword. Search for the documents that equals the value" }, "not.engine_version.keyword": { "type": "string", "title": "Filter the search by not.engine_version.keyword. Search for the documents that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. 
Search for the documents that contains the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the documents that does not contain the value" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the documents that equals the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the documents that are not equal to the value" }, "policy_etag": { "type": "string", "title": "Filter the search by policy_etag. Search for the documents that contains the value" }, "not.policy_etag": { "type": "string", "title": "Filter the search by not.policy_etag. Search for the documents that does not contain the value" }, "policy_etag.keyword": { "type": "string", "title": "Filter the search by policy_etag.keyword. Search for the documents that equals the value" }, "not.policy_etag.keyword": { "type": "string", "title": "Filter the search by not.policy_etag.keyword. Search for the documents that are not equal to the value" }, "last_user": { "type": "string", "title": "Filter the search by last_user. Search for the documents that contains the value" }, "not.last_user": { "type": "string", "title": "Filter the search by not.last_user. Search for the documents that does not contain the value" }, "last_user.keyword": { "type": "string", "title": "Filter the search by last_user.keyword. Search for the documents that equals the value" }, "not.last_user.keyword": { "type": "string", "title": "Filter the search by not.last_user.keyword. Search for the documents that are not equal to the value" }, "id": { "type": "string", "title": "Filter the search by id. Search for the documents that contains the value" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the documents that does not contain the value" }, "id.keyword": { "type": "string", "title": "Filter the search by id.keyword. 
Search for the documents that equals the value" }, "not.id.keyword": { "type": "string", "title": "Filter the search by not.id.keyword. Search for the documents that are not equal to the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for the documents that contains the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the documents that does not contain the value" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the documents that equals the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the documents that are not equal to the value" }, "origin_id": { "type": "string", "title": "Filter the search by origin_id. Search for the documents that contains the value" }, "not.origin_id": { "type": "string", "title": "Filter the search by not.origin_id. Search for the documents that does not contain the value" }, "origin_id.keyword": { "type": "string", "title": "Filter the search by origin_id.keyword. Search for the documents that equals the value" }, "not.origin_id.keyword": { "type": "string", "title": "Filter the search by not.origin_id.keyword. Search for the documents that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the documents that contains the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the documents that does not contain the value" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the documents that equals the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the documents that are not equal to the value" }, "group_ids": { "type": "array", "title": "Filter the search by group_ids. 
Search for the documents that contains the value", "items": { "type": "string" } }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for the documents that contains the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the documents that does not contain the value" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the documents that equals the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the documents that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the documents that contains the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the documents that does not contain the value" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the documents that equals the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the documents that are not equal to the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for the documents that contains the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the documents that does not contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the documents that equals the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the documents that are not equal to the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. 
Search for the documents that contains the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the documents that does not contain the value" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the documents that equals the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the documents that are not equal to the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for the documents that contains the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the documents that does not contain the value" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the documents that equals the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the documents that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the documents that contains the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the documents that does not contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the documents that equals the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the documents that are not equal to the value" }, "protocol": { "type": "string", "title": "Filter the search by protocol. Search for the documents that contains the value" }, "not.protocol": { "type": "string", "title": "Filter the search by not.protocol. 
Search for the documents that does not contain the value" }, "protocol.keyword": { "type": "string", "title": "Filter the search by protocol.keyword. Search for the documents that equals the value" }, "not.protocol.keyword": { "type": "string", "title": "Filter the search by not.protocol.keyword. Search for the documents that are not equal to the value" }, "attack_user": { "type": "string", "title": "Filter the search by attack_user. Search for the documents that contains the value" }, "not.attack_user": { "type": "string", "title": "Filter the search by not.attack_user. Search for the documents that does not contain the value" }, "attack_user.keyword": { "type": "string", "title": "Filter the search by attack_user.keyword. Search for the documents that equals the value" }, "not.attack_user.keyword": { "type": "string", "title": "Filter the search by not.attack_user.keyword. Search for the documents that are not equal to the value" }, "machine_name": { "type": "string", "title": "Filter the search by machine_name. Search for the documents that contains the value" }, "not.machine_name": { "type": "string", "title": "Filter the search by not.machine_name. Search for the documents that does not contain the value" }, "machine_name.keyword": { "type": "string", "title": "Filter the search by machine_name.keyword. Search for the documents that equals the value" }, "not.machine_name.keyword": { "type": "string", "title": "Filter the search by not.machine_name.keyword. Search for the documents that are not equal to the value" }, "ip": { "type": "string", "title": "Filter the search by the source ip. Search for the documents that match the value" }, "not.ip": { "type": "string", "title": "Filter the search by the source not.ip. Search for the documents that does not match the value" }, "machine_ip": { "type": "string", "title": "Filter the search by the destination machine_ip. 
Search for the documents that match the value" }, "not.machine_ip": { "type": "string", "title": "Filter the search by the destination not.machine_ip. Search for the documents that does not match the value" }, "deleted": { "type": "boolean", "title": "Filter the search by deleted. Search for the documents that have been deleted" }, "create_time_before": { "type": "string", "title": "Filter the search by create_time_before. Search for the documents that occurs before the value" }, "create_time_after": { "type": "string", "title": "Filter the search by create_time_after. Search for the documents that occurs after the value" }, "expire_time_before": { "type": "string", "title": "Filter the search by expire_time_before. Search for the documents that occurs before the value" }, "expire_time_after": { "type": "string", "title": "Filter the search by expire_time_after. Search for the documents that occurs after the value" }, "port_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lt. Search for the documents that are less than the value" }, "port_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lte. Search for the documents that are less than the value" }, "port_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gt. Search for the documents that are greater than the value" }, "port_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gte. Search for the documents that are greater than the value" }, "attempts_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lt. Search for the documents that are less than the value" }, "attempts_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lte. 
Search for the documents that are less than the value" }, "attempts_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gt. Search for the documents that are greater than the value" }, "attempts_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gte. Search for the documents that are greater than the value" }, "duration_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lt. Search for the documents that are less than the value" }, "duration_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lte. Search for the documents that are less than the value" }, "duration_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gt. Search for the documents that are greater than the value" }, "duration_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gte. Search for the documents that are greater than the value" }, "source_location.city": { "type": "string", "title": "Filter the search by source_location.city. Search for the documents that contains the value" }, "not.source_location.city": { "type": "string", "title": "Filter the search by not.source_location.city. Search for the documents that does not contain the value" }, "source_location.city.keyword": { "type": "string", "title": "Filter the search by source_location.city.keyword. Search for the documents that equals the value" }, "not.source_location.city.keyword": { "type": "string", "title": "Filter the search by not.source_location.city.keyword. Search for the documents that are not equal to the value" }, "source_location.country": { "type": "string", "title": "Filter the search by source_location.country. 
Search for the documents that contains the value" }, "not.source_location.country": { "type": "string", "title": "Filter the search by not.source_location.country. Search for the documents that does not contain the value" }, "source_location.country.keyword": { "type": "string", "title": "Filter the search by source_location.country.keyword. Search for the documents that equals the value" }, "not.source_location.country.keyword": { "type": "string", "title": "Filter the search by not.source_location.country.keyword. Search for the documents that are not equal to the value" }, "source_location.country_iso": { "type": "string", "title": "Filter the search by source_location.country_iso. Search for the documents that contains the value" }, "not.source_location.country_iso": { "type": "string", "title": "Filter the search by not.source_location.country_iso. Search for the documents that does not contain the value" }, "source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by source_location.country_iso.keyword. Search for the documents that equals the value" }, "not.source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.source_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "source_location.continent": { "type": "string", "title": "Filter the search by source_location.continent. Search for the documents that contains the value" }, "not.source_location.continent": { "type": "string", "title": "Filter the search by not.source_location.continent. Search for the documents that does not contain the value" }, "source_location.continent.keyword": { "type": "string", "title": "Filter the search by source_location.continent.keyword. Search for the documents that equals the value" }, "not.source_location.continent.keyword": { "type": "string", "title": "Filter the search by not.source_location.continent.keyword. 
Search for the documents that are not equal to the value" }, "source_location.time_zone": { "type": "string", "title": "Filter the search by source_location.time_zone. Search for the documents that contains the value" }, "not.source_location.time_zone": { "type": "string", "title": "Filter the search by not.source_location.time_zone. Search for the documents that does not contain the value" }, "source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by source_location.time_zone.keyword. Search for the documents that equals the value" }, "not.source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.source_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "source_location.postal_code": { "type": "string", "title": "Filter the search by source_location.postal_code. Search for the documents that contains the value" }, "not.source_location.postal_code": { "type": "string", "title": "Filter the search by not.source_location.postal_code. Search for the documents that does not contain the value" }, "source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by source_location.postal_code.keyword. Search for the documents that equals the value" }, "not.source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.source_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "source_location.subdivisions": { "type": "string", "title": "Filter the search by source_location.subdivisions. Search for the documents that contains the value" }, "not.source_location.subdivisions": { "type": "string", "title": "Filter the search by not.source_location.subdivisions. Search for the documents that does not contain the value" }, "source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by source_location.subdivisions.keyword. 
Search for the documents that equals the value" }, "not.source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.source_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "destination_location.city": { "type": "string", "title": "Filter the search by destination_location.city. Search for the documents that contains the value" }, "not.destination_location.city": { "type": "string", "title": "Filter the search by not.destination_location.city. Search for the documents that does not contain the value" }, "destination_location.city.keyword": { "type": "string", "title": "Filter the search by destination_location.city.keyword. Search for the documents that equals the value" }, "not.destination_location.city.keyword": { "type": "string", "title": "Filter the search by not.destination_location.city.keyword. Search for the documents that are not equal to the value" }, "destination_location.country": { "type": "string", "title": "Filter the search by destination_location.country. Search for the documents that contains the value" }, "not.destination_location.country": { "type": "string", "title": "Filter the search by not.destination_location.country. Search for the documents that does not contain the value" }, "destination_location.country.keyword": { "type": "string", "title": "Filter the search by destination_location.country.keyword. Search for the documents that equals the value" }, "not.destination_location.country.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country.keyword. Search for the documents that are not equal to the value" }, "destination_location.country_iso": { "type": "string", "title": "Filter the search by destination_location.country_iso. Search for the documents that contains the value" }, "not.destination_location.country_iso": { "type": "string", "title": "Filter the search by not.destination_location.country_iso. 
Search for the documents that does not contain the value" }, "destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by destination_location.country_iso.keyword. Search for the documents that equals the value" }, "not.destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "destination_location.continent": { "type": "string", "title": "Filter the search by destination_location.continent. Search for the documents that contains the value" }, "not.destination_location.continent": { "type": "string", "title": "Filter the search by not.destination_location.continent. Search for the documents that does not contain the value" }, "destination_location.continent.keyword": { "type": "string", "title": "Filter the search by destination_location.continent.keyword. Search for the documents that equals the value" }, "not.destination_location.continent.keyword": { "type": "string", "title": "Filter the search by not.destination_location.continent.keyword. Search for the documents that are not equal to the value" }, "destination_location.time_zone": { "type": "string", "title": "Filter the search by destination_location.time_zone. Search for the documents that contains the value" }, "not.destination_location.time_zone": { "type": "string", "title": "Filter the search by not.destination_location.time_zone. Search for the documents that does not contain the value" }, "destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by destination_location.time_zone.keyword. Search for the documents that equals the value" }, "not.destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.destination_location.time_zone.keyword. 
Search for the documents that are not equal to the value" }, "destination_location.postal_code": { "type": "string", "title": "Filter the search by destination_location.postal_code. Search for the documents that contains the value" }, "not.destination_location.postal_code": { "type": "string", "title": "Filter the search by not.destination_location.postal_code. Search for the documents that does not contain the value" }, "destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by destination_location.postal_code.keyword. Search for the documents that equals the value" }, "not.destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.destination_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "destination_location.subdivisions": { "type": "string", "title": "Filter the search by destination_location.subdivisions. Search for the documents that contains the value" }, "not.destination_location.subdivisions": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions. Search for the documents that does not contain the value" }, "destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by destination_location.subdivisions.keyword. Search for the documents that equals the value" }, "not.destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions.keyword. 
Search for the documents that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "default": "expire_time", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": 
"asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", 
"destination_location.subdivisions" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Remote Intrusion Detection" ], "operationId": "api.v2.nebula.post.export.rid.async" } }, "/nebula/v1/rid/rules": { "post": { "description": "Search RID rules", "summary": "Search RID rules", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search rid rules request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "nics.mac_address": { "type": "string", "title": "Filter the search by nics.mac_address. Search for the documents that contains the value" }, "not.nics.mac_address": { "type": "string", "title": "Filter the search by not.nics.mac_address. Search for the documents that does not contain the value" }, "nics.mac_address.keyword": { "type": "string", "title": "Filter the search by nics.mac_address.keyword. Search for the documents that equals the value" }, "not.nics.mac_address.keyword": { "type": "string", "title": "Filter the search by not.nics.mac_address.keyword. 
Search for the documents that are not equal to the value" }, "nics.description": { "type": "string", "title": "Filter the search by nics.description. Search for the documents that contains the value" }, "not.nics.description": { "type": "string", "title": "Filter the search by not.nics.description. Search for the documents that does not contain the value" }, "nics.description.keyword": { "type": "string", "title": "Filter the search by nics.description.keyword. Search for the documents that equals the value" }, "not.nics.description.keyword": { "type": "string", "title": "Filter the search by not.nics.description.keyword. Search for the documents that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the documents that contains the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the documents that does not contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the documents that equals the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the documents that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the documents that contains the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the documents that does not contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the documents that equals the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. 
Search for the documents that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the documents that contains the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the documents that does not contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the documents that equals the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the documents that are not equal to the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the documents that contains the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the documents that does not contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the documents that equals the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the documents that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the documents that contains the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the documents that does not contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. 
Search for the documents that equals the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the documents that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the documents that contains the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the documents that does not contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the documents that equals the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the documents that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the documents that contains the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the documents that does not contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the documents that equals the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version. Search for the documents that contains the value" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version. 
Search for the documents that does not contain the value" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version.keyword. 
Search for the documents that equals the value" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version.keyword. 
Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version. 
Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version. 
Search for the documents that contains the value" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version. Search for the documents that does not contain the value" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version. Search for the documents that contains the value" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version. Search for the documents that does not contain the value" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version.keyword. 
Search for the documents that equals the value" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version. Search for the documents that does not contain the value" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons. Search for the documents that contains the value" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "engine_version": { "type": "string", "title": "Filter the search by engine_version. 
Search for the documents that equal the value" }, "not.engine_version": { "type": "string", "title": "Filter the search by not.engine_version. Search for the documents that does not equal the value" }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine_version.keyword. Search for the documents that equals the value" }, "not.engine_version.keyword": { "type": "string", "title": "Filter the search by not.engine_version.keyword. Search for the documents that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for the documents that contains the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the documents that does not contain the value" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the documents that equals the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the documents that are not equal to the value" }, "policy_etag": { "type": "string", "title": "Filter the search by policy_etag. Search for the documents that contains the value" }, "not.policy_etag": { "type": "string", "title": "Filter the search by not.policy_etag. Search for the documents that does not contain the value" }, "policy_etag.keyword": { "type": "string", "title": "Filter the search by policy_etag.keyword. Search for the documents that equals the value" }, "not.policy_etag.keyword": { "type": "string", "title": "Filter the search by not.policy_etag.keyword. Search for the documents that are not equal to the value" }, "last_user": { "type": "string", "title": "Filter the search by last_user. Search for the documents that contains the value" }, "not.last_user": { "type": "string", "title": "Filter the search by not.last_user. 
Search for the documents that does not contain the value" }, "last_user.keyword": { "type": "string", "title": "Filter the search by last_user.keyword. Search for the documents that equals the value" }, "not.last_user.keyword": { "type": "string", "title": "Filter the search by not.last_user.keyword. Search for the documents that are not equal to the value" }, "id": { "type": "string", "title": "Filter the search by id. Search for the documents that contains the value" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the documents that does not contain the value" }, "id.keyword": { "type": "string", "title": "Filter the search by id.keyword. Search for the documents that equals the value" }, "not.id.keyword": { "type": "string", "title": "Filter the search by not.id.keyword. Search for the documents that are not equal to the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for the documents that contains the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the documents that does not contain the value" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the documents that equals the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the documents that are not equal to the value" }, "origin_id": { "type": "string", "title": "Filter the search by origin_id. Search for the documents that contains the value" }, "not.origin_id": { "type": "string", "title": "Filter the search by not.origin_id. Search for the documents that does not contain the value" }, "origin_id.keyword": { "type": "string", "title": "Filter the search by origin_id.keyword. Search for the documents that equals the value" }, "not.origin_id.keyword": { "type": "string", "title": "Filter the search by not.origin_id.keyword. 
Search for the documents that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the documents that contains the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the documents that does not contain the value" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the documents that equals the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the documents that are not equal to the value" }, "group_ids": { "type": "array", "title": "Filter the search by group_ids. Search for the documents that contains the value", "items": { "type": "string" } }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for the documents that contains the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the documents that does not contain the value" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the documents that equals the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the documents that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the documents that contains the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the documents that does not contain the value" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the documents that equals the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. 
Search for the documents that are not equal to the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for the documents that contains the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the documents that does not contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the documents that equals the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the documents that are not equal to the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for the documents that contains the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the documents that does not contain the value" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the documents that equals the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the documents that are not equal to the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for the documents that contains the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the documents that does not contain the value" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the documents that equals the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the documents that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. 
Search for the documents that contains the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the documents that does not contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the documents that equals the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the documents that are not equal to the value" }, "protocol": { "type": "string", "title": "Filter the search by protocol. Search for the documents that contains the value" }, "not.protocol": { "type": "string", "title": "Filter the search by not.protocol. Search for the documents that does not contain the value" }, "protocol.keyword": { "type": "string", "title": "Filter the search by protocol.keyword. Search for the documents that equals the value" }, "not.protocol.keyword": { "type": "string", "title": "Filter the search by not.protocol.keyword. Search for the documents that are not equal to the value" }, "attack_user": { "type": "string", "title": "Filter the search by attack_user. Search for the documents that contains the value" }, "not.attack_user": { "type": "string", "title": "Filter the search by not.attack_user. Search for the documents that does not contain the value" }, "attack_user.keyword": { "type": "string", "title": "Filter the search by attack_user.keyword. Search for the documents that equals the value" }, "not.attack_user.keyword": { "type": "string", "title": "Filter the search by not.attack_user.keyword. Search for the documents that are not equal to the value" }, "machine_name": { "type": "string", "title": "Filter the search by machine_name. Search for the documents that contains the value" }, "not.machine_name": { "type": "string", "title": "Filter the search by not.machine_name. 
Search for the documents that does not contain the value" }, "machine_name.keyword": { "type": "string", "title": "Filter the search by machine_name.keyword. Search for the documents that equals the value" }, "not.machine_name.keyword": { "type": "string", "title": "Filter the search by not.machine_name.keyword. Search for the documents that are not equal to the value" }, "ip": { "type": "string", "title": "Filter the search by the source ip. Search for the documents that match the value" }, "not.ip": { "type": "string", "title": "Filter the search by the source not.ip. Search for the documents that does not match the value" }, "machine_ip": { "type": "string", "title": "Filter the search by the destination machine_ip. Search for the documents that match the value" }, "not.machine_ip": { "type": "string", "title": "Filter the search by the destination not.machine_ip. Search for the documents that does not match the value" }, "deleted": { "type": "boolean", "title": "Filter the search by deleted. Search for the documents that have been deleted" }, "create_time_before": { "type": "string", "title": "Filter the search by create_time_before. Search for the documents that occurs before the value" }, "create_time_after": { "type": "string", "title": "Filter the search by create_time_after. Search for the documents that occurs after the value" }, "expire_time_before": { "type": "string", "title": "Filter the search by expire_time_before. Search for the documents that occurs before the value" }, "expire_time_after": { "type": "string", "title": "Filter the search by expire_time_after. Search for the documents that occurs after the value" }, "port_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lt. Search for the documents that are less than the value" }, "port_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lte. 
Search for the documents that are less than the value" }, "port_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gt. Search for the documents that are greater than the value" }, "port_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gte. Search for the documents that are greater than the value" }, "attempts_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lt. Search for the documents that are less than the value" }, "attempts_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lte. Search for the documents that are less than the value" }, "attempts_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gt. Search for the documents that are greater than the value" }, "attempts_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gte. Search for the documents that are greater than the value" }, "duration_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lt. Search for the documents that are less than the value" }, "duration_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lte. Search for the documents that are less than the value" }, "duration_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gt. Search for the documents that are greater than the value" }, "duration_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gte. Search for the documents that are greater than the value" }, "source_location.city": { "type": "string", "title": "Filter the search by source_location.city. 
Search for the documents that contains the value" }, "not.source_location.city": { "type": "string", "title": "Filter the search by not.source_location.city. Search for the documents that does not contain the value" }, "source_location.city.keyword": { "type": "string", "title": "Filter the search by source_location.city.keyword. Search for the documents that equals the value" }, "not.source_location.city.keyword": { "type": "string", "title": "Filter the search by not.source_location.city.keyword. Search for the documents that are not equal to the value" }, "source_location.country": { "type": "string", "title": "Filter the search by source_location.country. Search for the documents that contains the value" }, "not.source_location.country": { "type": "string", "title": "Filter the search by not.source_location.country. Search for the documents that does not contain the value" }, "source_location.country.keyword": { "type": "string", "title": "Filter the search by source_location.country.keyword. Search for the documents that equals the value" }, "not.source_location.country.keyword": { "type": "string", "title": "Filter the search by not.source_location.country.keyword. Search for the documents that are not equal to the value" }, "source_location.country_iso": { "type": "string", "title": "Filter the search by source_location.country_iso. Search for the documents that contains the value" }, "not.source_location.country_iso": { "type": "string", "title": "Filter the search by not.source_location.country_iso. Search for the documents that does not contain the value" }, "source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by source_location.country_iso.keyword. Search for the documents that equals the value" }, "not.source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.source_location.country_iso.keyword. 
Search for the documents that are not equal to the value" }, "source_location.continent": { "type": "string", "title": "Filter the search by source_location.continent. Search for the documents that contains the value" }, "not.source_location.continent": { "type": "string", "title": "Filter the search by not.source_location.continent. Search for the documents that does not contain the value" }, "source_location.continent.keyword": { "type": "string", "title": "Filter the search by source_location.continent.keyword. Search for the documents that equals the value" }, "not.source_location.continent.keyword": { "type": "string", "title": "Filter the search by not.source_location.continent.keyword. Search for the documents that are not equal to the value" }, "source_location.time_zone": { "type": "string", "title": "Filter the search by source_location.time_zone. Search for the documents that contains the value" }, "not.source_location.time_zone": { "type": "string", "title": "Filter the search by not.source_location.time_zone. Search for the documents that does not contain the value" }, "source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by source_location.time_zone.keyword. Search for the documents that equals the value" }, "not.source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.source_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "source_location.postal_code": { "type": "string", "title": "Filter the search by source_location.postal_code. Search for the documents that contains the value" }, "not.source_location.postal_code": { "type": "string", "title": "Filter the search by not.source_location.postal_code. Search for the documents that does not contain the value" }, "source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by source_location.postal_code.keyword. 
Search for the documents that equals the value" }, "not.source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.source_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "source_location.subdivisions": { "type": "string", "title": "Filter the search by source_location.subdivisions. Search for the documents that contains the value" }, "not.source_location.subdivisions": { "type": "string", "title": "Filter the search by not.source_location.subdivisions. Search for the documents that does not contain the value" }, "source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by source_location.subdivisions.keyword. Search for the documents that equals the value" }, "not.source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.source_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "destination_location.city": { "type": "string", "title": "Filter the search by destination_location.city. Search for the documents that contains the value" }, "not.destination_location.city": { "type": "string", "title": "Filter the search by not.destination_location.city. Search for the documents that does not contain the value" }, "destination_location.city.keyword": { "type": "string", "title": "Filter the search by destination_location.city.keyword. Search for the documents that equals the value" }, "not.destination_location.city.keyword": { "type": "string", "title": "Filter the search by not.destination_location.city.keyword. Search for the documents that are not equal to the value" }, "destination_location.country": { "type": "string", "title": "Filter the search by destination_location.country. Search for the documents that contains the value" }, "not.destination_location.country": { "type": "string", "title": "Filter the search by not.destination_location.country. 
Search for the documents that does not contain the value" }, "destination_location.country.keyword": { "type": "string", "title": "Filter the search by destination_location.country.keyword. Search for the documents that equals the value" }, "not.destination_location.country.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country.keyword. Search for the documents that are not equal to the value" }, "destination_location.country_iso": { "type": "string", "title": "Filter the search by destination_location.country_iso. Search for the documents that contains the value" }, "not.destination_location.country_iso": { "type": "string", "title": "Filter the search by not.destination_location.country_iso. Search for the documents that does not contain the value" }, "destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by destination_location.country_iso.keyword. Search for the documents that equals the value" }, "not.destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "destination_location.continent": { "type": "string", "title": "Filter the search by destination_location.continent. Search for the documents that contains the value" }, "not.destination_location.continent": { "type": "string", "title": "Filter the search by not.destination_location.continent. Search for the documents that does not contain the value" }, "destination_location.continent.keyword": { "type": "string", "title": "Filter the search by destination_location.continent.keyword. Search for the documents that equals the value" }, "not.destination_location.continent.keyword": { "type": "string", "title": "Filter the search by not.destination_location.continent.keyword. 
Search for the documents that are not equal to the value" }, "destination_location.time_zone": { "type": "string", "title": "Filter the search by destination_location.time_zone. Search for the documents that contains the value" }, "not.destination_location.time_zone": { "type": "string", "title": "Filter the search by not.destination_location.time_zone. Search for the documents that does not contain the value" }, "destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by destination_location.time_zone.keyword. Search for the documents that equals the value" }, "not.destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.destination_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "destination_location.postal_code": { "type": "string", "title": "Filter the search by destination_location.postal_code. Search for the documents that contains the value" }, "not.destination_location.postal_code": { "type": "string", "title": "Filter the search by not.destination_location.postal_code. Search for the documents that does not contain the value" }, "destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by destination_location.postal_code.keyword. Search for the documents that equals the value" }, "not.destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.destination_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "destination_location.subdivisions": { "type": "string", "title": "Filter the search by destination_location.subdivisions. Search for the documents that contains the value" }, "not.destination_location.subdivisions": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions. 
Search for the documents that does not contain the value" }, "destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by destination_location.subdivisions.keyword. Search for the documents that equals the value" }, "not.destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "default": "expire_time", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", 
"source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "machine_ip", "ip", "deleted", "machine_name", 
"source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search assets software result", "properties": { "rules": { "type": "array", "items": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "parentId": "39a42ecb-bfd1-40e6-8b83-70318b7d30af", "rootGroupId": "76132a40-5a9f-4197-9f38-c185f31f1d45", "ruleId": "ed31c443-42fa-40ae-a4a6-a05ad8b560e4", "ip": "10.153.0.162", "attackUser": "Administrator", "attempts": 2, "expireTime": "2020-10-23T13:25:35Z", "deleted": false, "protocol": "RDP", "createTime": "2020-10-23T13:20:35Z", "groupId": "76132a40-5a9f-4197-9f38-c185f31f1d45", "port": 3389, "machineId": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "accountId": "39a42ecb-bfd1-40e6-8b83-70318b7d30af", "machineName": "sahamedw8-1x86", "duration": 3 } ], "properties": { "parent_id": { "type": "string", "title": "The parent_id schema", "default": "", "examples": [ "39a42ecb-bfd1-40e6-8b83-70318b7d30af" ] }, "root_group_id": { "type": "string", "title": "The root_group_id schema", "default": "", "examples": [ "76132a40-5a9f-4197-9f38-c185f31f1d45" ] 
}, "rule_id": { "type": "string", "title": "The rule_id schema", "default": "", "examples": [ "ed31c443-42fa-40ae-a4a6-a05ad8b560e4" ] }, "ip": { "type": "string", "title": "The ip schema", "default": "", "examples": [ "10.153.0.162" ] }, "attack_user": { "type": "string", "title": "The attack_user schema", "default": "", "examples": [ "Administrator" ] }, "attempts": { "type": "integer", "title": "The attempts schema", "default": 0, "examples": [ 2 ] }, "expire_time": { "type": "string", "title": "The expireTime schema", "default": "", "examples": [ "2020-10-23T13:25:35Z" ] }, "deleted": { "type": "boolean", "title": "The deleted schema", "default": false, "examples": [ false ] }, "protocol": { "type": "string", "title": "The protocol schema", "default": "", "examples": [ "RDP" ] }, "create_time": { "type": "string", "title": "The create_time schema", "default": "", "examples": [ "2020-10-23T13:20:35Z" ] }, "group_id": { "type": "string", "title": "The group_id schema", "default": "", "examples": [ "76132a40-5a9f-4197-9f38-c185f31f1d45" ] }, "port": { "type": "integer", "title": "The port schema", "default": 0, "examples": [ 3389 ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "account_id": { "type": "string", "title": "The account_id schema", "default": "", "examples": [ "39a42ecb-bfd1-40e6-8b83-70318b7d30af" ] }, "account_name": { "type": "string", "title": "The account_name schema", "default": "", "examples": [ "my_account" ] }, "machine_name": { "type": "string", "title": "The machine_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "duration": { "type": "integer", "title": "The duration schema", "default": 0, "examples": [ 3 ] } } }, { "properties": { "agent": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, 
"examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, 
"nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": 
"string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", 
"examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": 
[ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, "source_location": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, 
"accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, "destination_location": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United 
States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } } } } ] } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "rules", "total_count" ] } } } } }, "tags": [ "Remote Intrusion Detection" ], "operationId": "api.v2.nebula.search.rid.rules" } }, "/nebula/v1/rid/rules/search-groupby": { "post": { "description": "Search grouped RID", "summary": "Search grouped RID", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Assets Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search rid rules request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "required": [], "properties": { "nics.mac_address": { "type": "string", "title": "Filter the search by nics.mac_address. Search for the documents that contains the value" }, "not.nics.mac_address": { "type": "string", "title": "Filter the search by not.nics.mac_address. Search for the documents that does not contain the value" }, "nics.mac_address.keyword": { "type": "string", "title": "Filter the search by nics.mac_address.keyword. Search for the documents that equals the value" }, "not.nics.mac_address.keyword": { "type": "string", "title": "Filter the search by not.nics.mac_address.keyword. Search for the documents that are not equal to the value" }, "nics.description": { "type": "string", "title": "Filter the search by nics.description. Search for the documents that contains the value" }, "not.nics.description": { "type": "string", "title": "Filter the search by not.nics.description. 
Search for the documents that does not contain the value" }, "nics.description.keyword": { "type": "string", "title": "Filter the search by nics.description.keyword. Search for the documents that equals the value" }, "not.nics.description.keyword": { "type": "string", "title": "Filter the search by not.nics.description.keyword. Search for the documents that are not equal to the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for the documents that contains the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the documents that does not contain the value" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the documents that equals the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the documents that are not equal to the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for the documents that contains the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the documents that does not contain the value" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the documents that equals the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the documents that are not equal to the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for the documents that contains the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. 
Search for the documents that does not contain the value" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the documents that equals the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the documents that are not equal to the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for the documents that contains the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the documents that does not contain the value" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the documents that equals the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the documents that are not equal to the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for the documents that contains the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the documents that does not contain the value" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the documents that equals the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the documents that are not equal to the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for the documents that contains the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. 
Search for the documents that does not contain the value" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the documents that equals the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the documents that are not equal to the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for the documents that contains the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the documents that does not contain the value" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the documents that equals the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version. Search for the documents that contains the value" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version. Search for the documents that does not contain the value" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons. 
Search for the documents that contains the value" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons. Search for the documents that does not contain the value" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.asset_manager.reboot_reasons.keyword. Search for the documents that equals the value" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.asset_manager.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version. Search for the documents that does not contain the value" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.plugin_version.keyword. Search for the documents that equals the value" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version. Search for the documents that contains the value" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version. 
Search for the documents that do not contain the value" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.sdk_version.keyword. Search for the documents that equal the value" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.sdk_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version. Search for the documents that contain the value" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version. Search for the documents that do not contain the value" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.component_package_version.keyword. Search for the documents that equal the value" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.component_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version. Search for the documents that contain the value" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version. 
Search for the documents that do not contain the value" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.update_package_version.keyword. Search for the documents that equal the value" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.update_package_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons. Search for the documents that contain the value" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons. Search for the documents that do not contain the value" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that equal the value" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_protection.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version. Search for the documents that contain the value" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version. Search for the documents that do not contain the value" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.plugin_version.keyword. 
Search for the documents that equal the value" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that contain the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons. Search for the documents that do not contain the value" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that equal the value" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.endpoint_detection_and_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version. Search for the documents that contain the value" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version. Search for the documents that do not contain the value" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.plugin_version.keyword. Search for the documents that equal the value" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.plugin_version.keyword. 
Search for the documents that are not equal to the value" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons. Search for the documents that contain the value" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons. Search for the documents that do not contain the value" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.incident_response.reboot_reasons.keyword. Search for the documents that equal the value" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.incident_response.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version. Search for the documents that contain the value" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version. Search for the documents that do not contain the value" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.siem.plugin_version.keyword. Search for the documents that equal the value" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version. Search for the documents that contain the value" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version. 
Search for the documents that do not contain the value" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that equal the value" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "Filter the search by not.plugins.browser_phishing_protection.plugin_version.keyword. Search for the documents that are not equal to the value" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons. Search for the documents that contain the value" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons. Search for the documents that do not contain the value" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by plugins.siem.reboot_reasons.keyword. Search for the documents that equal the value" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "Filter the search by not.plugins.siem.reboot_reasons.keyword. Search for the documents that are not equal to the value" }, "engine_version": { "type": "string", "title": "Filter the search by engine_version. Search for the documents that equal the value" }, "not.engine_version": { "type": "string", "title": "Filter the search by not.engine_version. Search for the documents that do not equal the value" }, "engine_version.keyword": { "type": "string", "title": "Filter the search by engine_version.keyword. Search for the documents that equal the value" }, "not.engine_version.keyword": { "type": "string", "title": "Filter the search by not.engine_version.keyword. Search for the documents that are not equal to the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. 
Search for the documents that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the documents that do not contain the value" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the documents that equal the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the documents that are not equal to the value" }, "policy_etag": { "type": "string", "title": "Filter the search by policy_etag. Search for the documents that contain the value" }, "not.policy_etag": { "type": "string", "title": "Filter the search by not.policy_etag. Search for the documents that do not contain the value" }, "policy_etag.keyword": { "type": "string", "title": "Filter the search by policy_etag.keyword. Search for the documents that equal the value" }, "not.policy_etag.keyword": { "type": "string", "title": "Filter the search by not.policy_etag.keyword. Search for the documents that are not equal to the value" }, "last_user": { "type": "string", "title": "Filter the search by last_user. Search for the documents that contain the value" }, "not.last_user": { "type": "string", "title": "Filter the search by not.last_user. Search for the documents that do not contain the value" }, "last_user.keyword": { "type": "string", "title": "Filter the search by last_user.keyword. Search for the documents that equal the value" }, "not.last_user.keyword": { "type": "string", "title": "Filter the search by not.last_user.keyword. Search for the documents that are not equal to the value" }, "id": { "type": "string", "title": "Filter the search by id. Search for the documents that contain the value" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the documents that do not contain the value" }, "id.keyword": { "type": "string", "title": "Filter the search by id.keyword. 
Search for the documents that equal the value" }, "not.id.keyword": { "type": "string", "title": "Filter the search by not.id.keyword. Search for the documents that are not equal to the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for the documents that contain the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the documents that do not contain the value" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the documents that equal the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the documents that are not equal to the value" }, "origin_id": { "type": "string", "title": "Filter the search by origin_id. Search for the documents that contain the value" }, "not.origin_id": { "type": "string", "title": "Filter the search by not.origin_id. Search for the documents that do not contain the value" }, "origin_id.keyword": { "type": "string", "title": "Filter the search by origin_id.keyword. Search for the documents that equal the value" }, "not.origin_id.keyword": { "type": "string", "title": "Filter the search by not.origin_id.keyword. Search for the documents that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for the documents that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the documents that do not contain the value" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the documents that equal the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the documents that are not equal to the value" }, "group_ids": { "type": "array", "title": "Filter the search by group_ids. 
Search for the documents that contain any of the listed values", "items": { "type": "string" } }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for the documents that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the documents that do not contain the value" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the documents that equal the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the documents that are not equal to the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for the documents that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the documents that do not contain the value" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the documents that equal the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the documents that are not equal to the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for the documents that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the documents that do not contain the value" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the documents that equal the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the documents that are not equal to the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. 
Search for the documents that contain the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the documents that do not contain the value" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the documents that equal the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the documents that are not equal to the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for the documents that contain the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the documents that do not contain the value" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the documents that equal the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the documents that are not equal to the value" }, "account_name": { "type": "string", "title": "Filter the search by account_name. Search for the documents that contain the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the documents that do not contain the value" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the documents that equal the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the documents that are not equal to the value" }, "protocol": { "type": "string", "title": "Filter the search by protocol. Search for the documents that contain the value" }, "not.protocol": { "type": "string", "title": "Filter the search by not.protocol. 
Search for the documents that do not contain the value" }, "protocol.keyword": { "type": "string", "title": "Filter the search by protocol.keyword. Search for the documents that equal the value" }, "not.protocol.keyword": { "type": "string", "title": "Filter the search by not.protocol.keyword. Search for the documents that are not equal to the value" }, "attack_user": { "type": "string", "title": "Filter the search by attack_user. Search for the documents that contain the value" }, "not.attack_user": { "type": "string", "title": "Filter the search by not.attack_user. Search for the documents that do not contain the value" }, "attack_user.keyword": { "type": "string", "title": "Filter the search by attack_user.keyword. Search for the documents that equal the value" }, "not.attack_user.keyword": { "type": "string", "title": "Filter the search by not.attack_user.keyword. Search for the documents that are not equal to the value" }, "machine_name": { "type": "string", "title": "Filter the search by machine_name. Search for the documents that contain the value" }, "not.machine_name": { "type": "string", "title": "Filter the search by not.machine_name. Search for the documents that do not contain the value" }, "machine_name.keyword": { "type": "string", "title": "Filter the search by machine_name.keyword. Search for the documents that equal the value" }, "not.machine_name.keyword": { "type": "string", "title": "Filter the search by not.machine_name.keyword. Search for the documents that are not equal to the value" }, "ip": { "type": "string", "title": "Filter the search by ip (the source IP of the attack). Search for the documents that match the value" }, "not.ip": { "type": "string", "title": "Filter the search by not.ip (the source IP of the attack). Search for the documents that do not match the value" }, "machine_ip": { "type": "string", "title": "Filter the search by machine_ip (the destination IP, i.e. the targeted endpoint). 
Search for the documents that match the value" }, "not.machine_ip": { "type": "string", "title": "Filter the search by not.machine_ip (the destination IP, i.e. the targeted endpoint). Search for the documents that do not match the value" }, "deleted": { "type": "boolean", "title": "Filter the search by deleted. Search for the documents that have been deleted" }, "create_time_before": { "type": "string", "title": "Filter the search by create_time_before. Search for the documents that occur before the value" }, "create_time_after": { "type": "string", "title": "Filter the search by create_time_after. Search for the documents that occur after the value" }, "expire_time_before": { "type": "string", "title": "Filter the search by expire_time_before. Search for the documents that occur before the value" }, "expire_time_after": { "type": "string", "title": "Filter the search by expire_time_after. Search for the documents that occur after the value" }, "port_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lt. Search for the documents that are less than the value" }, "port_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_lte. Search for the documents that are less than or equal to the value" }, "port_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gt. Search for the documents that are greater than the value" }, "port_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by port_gte. Search for the documents that are greater than or equal to the value" }, "attempts_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lt. Search for the documents that are less than the value" }, "attempts_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_lte. 
Search for the documents that are less than or equal to the value" }, "attempts_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gt. Search for the documents that are greater than the value" }, "attempts_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by attempts_gte. Search for the documents that are greater than or equal to the value" }, "duration_lt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lt. Search for the documents that are less than the value" }, "duration_lte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_lte. Search for the documents that are less than or equal to the value" }, "duration_gt": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gt. Search for the documents that are greater than the value" }, "duration_gte": { "type": [ "integer", "string" ], "pattern": "^\\d+$", "title": "Filter the search by duration_gte. Search for the documents that are greater than or equal to the value" }, "source_location.city": { "type": "string", "title": "Filter the search by source_location.city. Search for the documents that contain the value" }, "not.source_location.city": { "type": "string", "title": "Filter the search by not.source_location.city. Search for the documents that do not contain the value" }, "source_location.city.keyword": { "type": "string", "title": "Filter the search by source_location.city.keyword. Search for the documents that equal the value" }, "not.source_location.city.keyword": { "type": "string", "title": "Filter the search by not.source_location.city.keyword. Search for the documents that are not equal to the value" }, "source_location.country": { "type": "string", "title": "Filter the search by source_location.country. 
Search for the documents that contain the value" }, "not.source_location.country": { "type": "string", "title": "Filter the search by not.source_location.country. Search for the documents that do not contain the value" }, "source_location.country.keyword": { "type": "string", "title": "Filter the search by source_location.country.keyword. Search for the documents that equal the value" }, "not.source_location.country.keyword": { "type": "string", "title": "Filter the search by not.source_location.country.keyword. Search for the documents that are not equal to the value" }, "source_location.country_iso": { "type": "string", "title": "Filter the search by source_location.country_iso. Search for the documents that contain the value" }, "not.source_location.country_iso": { "type": "string", "title": "Filter the search by not.source_location.country_iso. Search for the documents that do not contain the value" }, "source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by source_location.country_iso.keyword. Search for the documents that equal the value" }, "not.source_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.source_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "source_location.continent": { "type": "string", "title": "Filter the search by source_location.continent. Search for the documents that contain the value" }, "not.source_location.continent": { "type": "string", "title": "Filter the search by not.source_location.continent. Search for the documents that do not contain the value" }, "source_location.continent.keyword": { "type": "string", "title": "Filter the search by source_location.continent.keyword. Search for the documents that equal the value" }, "not.source_location.continent.keyword": { "type": "string", "title": "Filter the search by not.source_location.continent.keyword. 
Search for the documents that are not equal to the value" }, "source_location.time_zone": { "type": "string", "title": "Filter the search by source_location.time_zone. Search for the documents that contain the value" }, "not.source_location.time_zone": { "type": "string", "title": "Filter the search by not.source_location.time_zone. Search for the documents that do not contain the value" }, "source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by source_location.time_zone.keyword. Search for the documents that equal the value" }, "not.source_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.source_location.time_zone.keyword. Search for the documents that are not equal to the value" }, "source_location.postal_code": { "type": "string", "title": "Filter the search by source_location.postal_code. Search for the documents that contain the value" }, "not.source_location.postal_code": { "type": "string", "title": "Filter the search by not.source_location.postal_code. Search for the documents that do not contain the value" }, "source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by source_location.postal_code.keyword. Search for the documents that equal the value" }, "not.source_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.source_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "source_location.subdivisions": { "type": "string", "title": "Filter the search by source_location.subdivisions. Search for the documents that contain the value" }, "not.source_location.subdivisions": { "type": "string", "title": "Filter the search by not.source_location.subdivisions. Search for the documents that do not contain the value" }, "source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by source_location.subdivisions.keyword. 
Search for the documents that equal the value" }, "not.source_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.source_location.subdivisions.keyword. Search for the documents that are not equal to the value" }, "destination_location.city": { "type": "string", "title": "Filter the search by destination_location.city. Search for the documents that contain the value" }, "not.destination_location.city": { "type": "string", "title": "Filter the search by not.destination_location.city. Search for the documents that do not contain the value" }, "destination_location.city.keyword": { "type": "string", "title": "Filter the search by destination_location.city.keyword. Search for the documents that equal the value" }, "not.destination_location.city.keyword": { "type": "string", "title": "Filter the search by not.destination_location.city.keyword. Search for the documents that are not equal to the value" }, "destination_location.country": { "type": "string", "title": "Filter the search by destination_location.country. Search for the documents that contain the value" }, "not.destination_location.country": { "type": "string", "title": "Filter the search by not.destination_location.country. Search for the documents that do not contain the value" }, "destination_location.country.keyword": { "type": "string", "title": "Filter the search by destination_location.country.keyword. Search for the documents that equal the value" }, "not.destination_location.country.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country.keyword. Search for the documents that are not equal to the value" }, "destination_location.country_iso": { "type": "string", "title": "Filter the search by destination_location.country_iso. Search for the documents that contain the value" }, "not.destination_location.country_iso": { "type": "string", "title": "Filter the search by not.destination_location.country_iso. 
Search for the documents that do not contain the value" }, "destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by destination_location.country_iso.keyword. Search for the documents that equal the value" }, "not.destination_location.country_iso.keyword": { "type": "string", "title": "Filter the search by not.destination_location.country_iso.keyword. Search for the documents that are not equal to the value" }, "destination_location.continent": { "type": "string", "title": "Filter the search by destination_location.continent. Search for the documents that contain the value" }, "not.destination_location.continent": { "type": "string", "title": "Filter the search by not.destination_location.continent. Search for the documents that do not contain the value" }, "destination_location.continent.keyword": { "type": "string", "title": "Filter the search by destination_location.continent.keyword. Search for the documents that equal the value" }, "not.destination_location.continent.keyword": { "type": "string", "title": "Filter the search by not.destination_location.continent.keyword. Search for the documents that are not equal to the value" }, "destination_location.time_zone": { "type": "string", "title": "Filter the search by destination_location.time_zone. Search for the documents that contain the value" }, "not.destination_location.time_zone": { "type": "string", "title": "Filter the search by not.destination_location.time_zone. Search for the documents that do not contain the value" }, "destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by destination_location.time_zone.keyword. Search for the documents that equal the value" }, "not.destination_location.time_zone.keyword": { "type": "string", "title": "Filter the search by not.destination_location.time_zone.keyword. 
Search for the documents that are not equal to the value" }, "destination_location.postal_code": { "type": "string", "title": "Filter the search by destination_location.postal_code. Search for the documents that contain the value" }, "not.destination_location.postal_code": { "type": "string", "title": "Filter the search by not.destination_location.postal_code. Search for the documents that do not contain the value" }, "destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by destination_location.postal_code.keyword. Search for the documents that equal the value" }, "not.destination_location.postal_code.keyword": { "type": "string", "title": "Filter the search by not.destination_location.postal_code.keyword. Search for the documents that are not equal to the value" }, "destination_location.subdivisions": { "type": "string", "title": "Filter the search by destination_location.subdivisions. Search for the documents that contain the value" }, "not.destination_location.subdivisions": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions. Search for the documents that do not contain the value" }, "destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by destination_location.subdivisions.keyword. Search for the documents that equal the value" }, "not.destination_location.subdivisions.keyword": { "type": "string", "title": "Filter the search by not.destination_location.subdivisions.keyword. 
Search for the documents that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "default": "expire_time", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": 
"asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", 
"destination_location.subdivisions" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ], "properties": { "group_by": { "type": "string", "title": "The sort field Schema", "enum": [ "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "parent_id", "port", "protocol", "attack_user", "machine_ip", "ip", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Assets Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": "string", "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "fully_qualified_host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "tags": { "type": "object", "additionalProperties": true, "title": "The tags Schema (only for machine_id aggregation)" }, "account_name": { "type": "string", "title": "The account name Schema (only for accountId aggregation)" } } } }, "next_cursor": { "type": "string", "title": "The pagination 
cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Remote Intrusion Detection" ], "operationId": "api.v2.nebula.search.rid.group" } }, "/nebula/v1/cve/export": { "post": { "description": "Export CVE data. You can export across multiple accounts. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. The constraints accepted are the same accepted by the search assets software route. Refer to [Search CVE API](#operation/api.nebula.search.cve) for more information about the constraints accepted. |\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n## Examples\n\n### Download HTML file\n\nA request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all detections on `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`:\n\n```json\n\t{\n\t\t\"groups\": [{\n\t\t\t\"severity\": \"critical\"\n\t\t}],\n\t\t\"format\": \"html\",\n\t\t\"type\": \"string\",\n\t\t\"filename\": \"nameofthefile\",\n\t\t\"download\": true,\n\t\t\"select\": [\n {\"field\": \"account_id\", \"newField\": \"account_id\"},\n {\"field\": \"group_id\", \"newField\": \"groupId\"},\n {\"field\": \"vendor\", \"newField\": \"vendor\"},\n {\"field\": \"product\", \"newField\": \"product\"},\n {\"field\": \"installation_date\", \"newField\": \"installationDate\"},\n {\"field\": \"created_at\", 
\"newField\": \"createdAt\"}\n ]\n\t}\n```\n\n\n", "summary": "Export CVE data", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "group_name", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "domain_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "description", "cvss20_score", "cvss30_score", "latest_version_available", "product_signature", "architecture", "language", "supports_update" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch CVEs", "allOf": [ { "type": "object", "title": "Search assets cve request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "account_name": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the matches that contain the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. 
Search for the matches that are not equal to the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. 
Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. 
Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias.keyword. Search for the matches that contain the value" }, "not.alias": { "type": "string", "title": "Filter the search by not.alias. 
Search for the matches that are not equal to the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by not.alias.keyword. Search for the matches that do not contain the value" }, "sort_name": { "type": "string", "title": "Filter the search by sort_name. Search for an exact match" }, "sort_name.keyword": { "type": "string", "title": "Filter the search by sort_name.keyword. Search for the matches that contain the value" }, "not.sort_name": { "type": "string", "title": "Filter the search by not.sort_name. Search for the matches that are not equal to the value" }, "not.sort_name.keyword": { "type": "string", "title": "Filter the search by not.sort_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor.keyword. Search for the matches that contain the value" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by not.normalized_vendor. Search for the matches that are not equal to the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by not.normalized_vendor.keyword. Search for the matches that do not contain the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. 
Search for an exact match" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor.keyword. Search for the matches that contain the value" }, "not.display_vendor": { "type": "string", "title": "Filter the search by not.display_vendor. Search for the matches that are not equal to the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by not.display_vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product.keyword. Search for the matches that contain the value" }, "not.normalized_product": { "type": "string", "title": "Filter the search by not.normalized_product. Search for the matches that are not equal to the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by not.normalized_product.keyword. Search for the matches that do not contain the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product.keyword. 
Search for the matches that contain the value" }, "not.display_product": { "type": "string", "title": "Filter the search by not.display_product. Search for the matches that are not equal to the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by not.display_product.keyword. Search for the matches that do not contain the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version.keyword. Search for the matches that contain the value" }, "not.installed_version": { "type": "string", "title": "Filter the search by not.installed_version. Search for the matches that are not equal to the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by not.installed_version.keyword. Search for the matches that do not contain the value" }, "normalized_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version.keyword. Search for the matches that contain the value" }, "not.normalized_installed_version": { "type": "string", "title": "Filter the search by not.normalized_installed_version. Search for the matches that are not equal to the value" }, "not.normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by not.normalized_installed_version.keyword. Search for the matches that do not contain the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version.keyword. 
Search for the matches that contain the value" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by not.display_installed_version. Search for the matches that are not equal to the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by not.display_installed_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "cve_id": { "type": "string", "title": "Filter the search by cve_id. Search for an exact match" }, "cve_id.keyword": { "type": "string", "title": "Filter the search by cve_id.keyword. 
Search for the matches that contain the value" }, "not.cve_id": { "type": "string", "title": "Filter the search by not.cve_id. Search for the matches that are not equal to the value" }, "not.cve_id.keyword": { "type": "string", "title": "Filter the search by not.cve_id.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "document_id": { "type": "string", "title": "Filter with document_id" }, "document_id.keyword": { "type": "string", "title": "Filter with document_id.keyword" }, "cisa_exploitable": { "type": "boolean", "title": "Filter the search by cisa_exploitable. Search for an exact match" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "Filter the search by known_ransomware_campaign_use. Search for an exact match" }, "severity_score": { "type": "number", "title": "Filter the search by severity_score. Search for an exact match" }, "severity_score_lt": { "type": "number", "title": "Filter the search by severity_score_lt. Search for the documents that are less than the value" }, "severity_score_lte": { "type": "number", "title": "Filter the search by severity_score_lte. Search for the documents that are less than or equal to the value" }, "severity_score_gt": { "type": "number", "title": "Filter the search by severity_score_gt. Search for the documents that are greater than the value" }, "severity_score_gte": { "type": "number", "title": "Filter the search by severity_score_gte. 
Search for the documents that are greater than or equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_before. Search for an exact match" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_after. Search for an exact match" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_before. Search for an exact match" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_after. Search for an exact match" }, "published_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_before. Search for an exact match" }, "published_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_after. Search for an exact match" }, "cvss20_score": { "type": "number", "title": "Filter the search by cvss20_score. Search for an exact match of the integer value" }, "cvss20_score_lt": { "type": "number", "title": "Filter the search by cvss20_score_lt. Search for the documents that are less than the value" }, "cvss20_score_lte": { "type": "number", "title": "Filter the search by cvss20_score_lte. Search for the documents that are less than or equal to the value" }, "cvss20_score_gt": { "type": "number", "title": "Filter the search by cvss20_score_gt. Search for the documents that are greater than the value" }, "cvss20_score_gte": { "type": "number", "title": "Filter the search by cvss20_score_gte. Search for the documents that are greater than or equal to the value" }, "cvss30_score": { "type": "number", "title": "Filter the search by cvss30_score. Search for an exact match of the integer value" }, "cvss30_score_lt": { "type": "number", "title": "Filter the search by cvss30_score_lt. 
Search for the documents that are less than the value" }, "cvss30_score_lte": { "type": "number", "title": "Filter the search by cvss30_score_lte. Search for the documents that are less than or equal to the value" }, "cvss30_score_gt": { "type": "number", "title": "Filter the search by cvss30_score_gt. Search for the documents that are greater than the value" }, "cvss30_score_gte": { "type": "number", "title": "Filter the search by cvss30_score_gte. Search for the documents that are greater than or equal to the value" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "architecture": { "type": "string", "title": "Filter the search by software architecture. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by software language. Search for an exact match" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. 
Search for an exact match" }, "name_multi_search": { "type": "string", "title": "Filter with aliases" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "group_name", "domain_name", "supports_update" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.post.export.cve" } }, "/nebula/v1/cve/export/async": { "post": { "description": "Export CVE data asynchronously.", "summary": "Export CVE data asynchronously", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "group_name", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "domain_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "description", "cvss20_score", "cvss30_score", "latest_version_available", "product_signature", "architecture", "language", "supports_update" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch CVEs", "allOf": [ { 
"type": "object", "title": "Search assets cve request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "account_name": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the matches that contain the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the matches that are not equal to the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. 
Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. 
Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. 
Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias.keyword. Search for the matches that contain the value" }, "not.alias": { "type": "string", "title": "Filter the search by not.alias. Search for the matches that are not equal to the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by not.alias.keyword. Search for the matches that do not contain the value" }, "sort_name": { "type": "string", "title": "Filter the search by sort_name. Search for an exact match" }, "sort_name.keyword": { "type": "string", "title": "Filter the search by sort_name.keyword. Search for the matches that contain the value" }, "not.sort_name": { "type": "string", "title": "Filter the search by not.sort_name. Search for the matches that are not equal to the value" }, "not.sort_name.keyword": { "type": "string", "title": "Filter the search by not.sort_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor.keyword. 
Search for the matches that contain the value" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by not.normalized_vendor. Search for the matches that are not equal to the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by not.normalized_vendor.keyword. Search for the matches that do not contain the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor.keyword. Search for the matches that contain the value" }, "not.display_vendor": { "type": "string", "title": "Filter the search by not.display_vendor. Search for the matches that are not equal to the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by not.display_vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product.keyword. Search for the matches that contain the value" }, "not.normalized_product": { "type": "string", "title": "Filter the search by not.normalized_product. 
Search for the matches that are not equal to the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by not.normalized_product.keyword. Search for the matches that do not contain the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product.keyword. Search for the matches that contain the value" }, "not.display_product": { "type": "string", "title": "Filter the search by not.display_product. Search for the matches that are not equal to the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by not.display_product.keyword. Search for the matches that do not contain the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version.keyword. Search for the matches that contain the value" }, "not.installed_version": { "type": "string", "title": "Filter the search by not.installed_version. Search for the matches that are not equal to the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by not.installed_version.keyword. Search for the matches that do not contain the value" }, "normalized_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version.keyword. Search for the matches that contain the value" }, "not.normalized_installed_version": { "type": "string", "title": "Filter the search by not.normalized_installed_version. 
Search for the matches that are not equal to the value" }, "not.normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by not.normalized_installed_version.keyword. Search for the matches that do not contain the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version.keyword. Search for the matches that contain the value" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by not.display_installed_version. Search for the matches that are not equal to the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by not.display_installed_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. 
Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. 
Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "cve_id": { "type": "string", "title": "Filter the search by cve_id. Search for an exact match" }, "cve_id.keyword": { "type": "string", "title": "Filter the search by cve_id.keyword. Search for the matches that contain the value" }, "not.cve_id": { "type": "string", "title": "Filter the search by not.cve_id. Search for the matches that are not equal to the value" }, "not.cve_id.keyword": { "type": "string", "title": "Filter the search by not.cve_id.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "document_id": { "type": "string", "title": "Filter with document_id" }, "document_id.keyword": { "type": "string", "title": "Filter with document_id.keyword" }, "cisa_exploitable": { "type": "boolean", "title": "Filter the search by cisa_exploitable. Search for an exact match" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "Filter the search by known_ransomware_campaign_use. Search for an exact match" }, "severity_score": { "type": "number", "title": "Filter the search by severity_score. Search for an exact match" }, "severity_score_lt": { "type": "number", "title": "Filter the search by severity_score_lt. 
Search for the documents that are less than the value" }, "severity_score_lte": { "type": "number", "title": "Filter the search by severity_score_lte. Search for the documents that are less than or equal to the value" }, "severity_score_gt": { "type": "number", "title": "Filter the search by severity_score_gt. Search for the documents that are greater than the value" }, "severity_score_gte": { "type": "number", "title": "Filter the search by severity_score_gte. Search for the documents that are greater than or equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_before. Search for an exact match" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_after. Search for an exact match" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_before. Search for an exact match" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_after. Search for an exact match" }, "published_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_before. Search for an exact match" }, "published_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_after. Search for an exact match" }, "cvss20_score": { "type": "number", "title": "Filter the search by cvss20_score. Search for an exact match of the integer value" }, "cvss20_score_lt": { "type": "number", "title": "Filter the search by cvss20_score_lt. Search for the documents that are less than the value" }, "cvss20_score_lte": { "type": "number", "title": "Filter the search by cvss20_score_lte. Search for the documents that are less than or equal to the value" }, "cvss20_score_gt": { "type": "number", "title": "Filter the search by cvss20_score_gt. 
Search for the documents that are greater than the value" }, "cvss20_score_gte": { "type": "number", "title": "Filter the search by cvss20_score_gte. Search for the documents that are greater than or equal to the value" }, "cvss30_score": { "type": "number", "title": "Filter the search by cvss30_score. Search for an exact match of the integer value" }, "cvss30_score_lt": { "type": "number", "title": "Filter the search by cvss30_score_lt. Search for the documents that are less than the value" }, "cvss30_score_lte": { "type": "number", "title": "Filter the search by cvss30_score_lte. Search for the documents that are less than or equal to the value" }, "cvss30_score_gt": { "type": "number", "title": "Filter the search by cvss30_score_gt. Search for the documents that are greater than the value" }, "cvss30_score_gte": { "type": "number", "title": "Filter the search by cvss30_score_gte. Search for the documents that are greater than or equal to the value" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "architecture": { "type": "string", "title": "Filter the search by software architecture. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by software language. Search for an exact match" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. 
Search for an exact match" }, "name_multi_search": { "type": "string", "title": "Filter with aliases" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "group_name", "domain_name", "supports_update" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.post.export.cve.async" } }, "/nebula/v1/cve/{id}": { "get": { "description": "Get CVE details by id", "summary": "Get CVE details by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "properties": { "cve": { "type": "string", "title": "CVE identifier" }, "cwe": { "type": "string", "title": "CWE identifier" }, "is_cisa_exploitable": { "type": "boolean", "title": "whether it is CISA exploitable" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "whether it is known to be used in a ransomware campaign" }, "published_epoch": { "type": "integer", "title": "Published epoch" }, "last_modified_epoch": { "type": "integer", "title": "last modified epoch" }, "references": { "title": "List of references", "type": "array", "items": [ { "type": "object", "properties": { "url": { "type": "string" }, "name": { "type": "string" }, "reference_type": { "type": "string" }, "source": { "type": "string" } }, "required": [ "url", "name", "reference_type", "source" ] } ] }, "cvss_2_0": { "type": "object", "properties": { "score": { "type": "string" }, "access_vector": { "type": "string" }, "access_complexity": { "type": "string" }, "authentication": { "type": "string" }, "confidentiality_impact": { "type": "string" }, "integrity_impact": { "type": "string" }, "availability_impact": { "type": "string" }, "source": { "type": "string" }, "impact_score": { "type": "string" }, "exploitability_score": { "type": "string" } }, "required": [ "score", "access_vector", "access_complexity", "authentication", "confidentiality_impact", "integrity_impact", "availability_impact", "source", "impact_score", "exploitability_score" ] }, "severity_index": { "type": "integer" }, "severity": { "type": "string" }, "vulnerable_software_list": { "type": "array", "items": [ { "type": "string" } ] }, "cvss_3_0": { "type": "object", "properties": { "impact_score": { "type": "string" }, 
"vector_string": { "type": "string" }, "attack_vector": { "type": "string" }, "attack_complexity": { "type": "string" }, "privileges_required": { "type": "string" }, "user_interaction": { "type": "string" }, "scope": { "type": "string" }, "confidentiality_impact": { "type": "string" }, "integrity_impact": { "type": "string" }, "availability_impact": { "type": "string" }, "base_score": { "type": "string" }, "base_severity": { "type": "string" }, "exploitability_score": { "type": "string" }, "opswat_temporal_score": { "type": "object", "properties": { "exploitability": { "type": "string" }, "remediation_level": { "type": "string" }, "report_confidence": { "type": "string" }, "temporal_score": { "type": "string" }, "generated_on_epoch": { "type": "integer" }, "cve_last_modified_epoch": { "type": "integer" } }, "required": [] }, "revision": { "type": "string" } }, "required": [] }, "resolution": { "type": "array", "items": [ { "type": "object", "properties": { "product_id": { "type": "integer" }, "signature_ids": { "type": "array", "items": { "type": "number" } }, "product_name": { "type": "string" }, "text": { "type": "string" }, "advisory_url": { "type": "string" }, "higher_than_version": { "type": "string" }, "higher_than_or_equal_to_version": { "type": "string" } }, "required": [] } ] }, "opswat_product_info": { "type": "array", "items": [ { "type": "object", "properties": { "product": { "type": "object", "properties": { "name": { "type": "string" }, "id": { "type": "integer" } }, "required": [] }, "ranges": { "type": "array", "items": [ { "type": "object", "properties": { "start": { "type": "string" }, "limit": { "type": "string" } }, "required": [] } ] }, "vendor": { "type": "object", "properties": { "id": { "type": "integer" }, "name": { "type": "string" } }, "required": [] } }, "required": [] }, { "type": "object", "properties": { "product": { "type": "object", "properties": { "name": { "type": "string" }, "id": { "type": "integer" } }, "required": [] }, 
"ranges": { "type": "array", "items": [ { "type": "object", "properties": { "start": { "type": "string" }, "limit": { "type": "string" } }, "required": [] } ] }, "vendor": { "type": "object", "properties": { "id": { "type": "integer" }, "name": { "type": "string" } }, "required": [] } }, "required": [] } ] }, "description": { "type": "string" } }, "required": [ "cve", "published_epoch", "last_modified_epoch", "references", "cvss_2_0", "severity_index", "severity", "vulnerable_software_list", "description" ] } } } } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.get.cve.id" } }, "/nebula/v1/cve/bulk": { "post": { "description": "Get CVE details by ids", "summary": "Get CVE details by ids", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Get CVEs by CVE IDs", "required": [ "ids" ], "properties": { "ids": { "type": "array", "items": { "type": "string" }, "title": "CVE IDs to search for" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "array", "title": "Get CVEs", "items": { "type": "object", "properties": { "cve": { "type": "string", "title": "CVE identifier" }, "cwe": { "type": "string", "title": "CWE identifier" }, "is_cisa_exploitable": { "type": "boolean", "title": "whether it is CISA exploitable" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "whether it is known to be used in a ransomware campaign" }, "published_epoch": { "type": "integer", "title": "Published epoch" }, "last_modified_epoch": { "type": "integer", "title": "last modified epoch" }, "references": { "title": "List of references", "type": "array", "items": [ { "type": "object", "properties": { "url": { "type": "string" }, "name": { "type": "string" }, "reference_type": { "type": "string" }, "source": { "type": "string" } }, "required": [ "url", "name", "reference_type", "source" ] } ] }, "cvss_2_0": { "type": "object", "properties": { "score": { "type": "string" }, "access_vector": { "type": "string" }, "access_complexity": { "type": "string" }, "authentication": { "type": "string" }, "confidentiality_impact": { "type": "string" }, "integrity_impact": { "type": "string" }, "availability_impact": { "type": "string" }, "source": { "type": "string" }, "impact_score": { "type": "string" }, "exploitability_score": { "type": "string" } }, "required": [ "score", "access_vector", "access_complexity", "authentication", "confidentiality_impact", "integrity_impact", "availability_impact", 
"source", "impact_score", "exploitability_score" ] }, "severity_index": { "type": "integer" }, "severity": { "type": "string" }, "vulnerable_software_list": { "type": "array", "items": [ { "type": "string" } ] }, "cvss_3_0": { "type": "object", "properties": { "impact_score": { "type": "string" }, "vector_string": { "type": "string" }, "attack_vector": { "type": "string" }, "attack_complexity": { "type": "string" }, "privileges_required": { "type": "string" }, "user_interaction": { "type": "string" }, "scope": { "type": "string" }, "confidentiality_impact": { "type": "string" }, "integrity_impact": { "type": "string" }, "availability_impact": { "type": "string" }, "base_score": { "type": "string" }, "base_severity": { "type": "string" }, "exploitability_score": { "type": "string" }, "opswat_temporal_score": { "type": "object", "properties": { "exploitability": { "type": "string" }, "remediation_level": { "type": "string" }, "report_confidence": { "type": "string" }, "temporal_score": { "type": "string" }, "generated_on_epoch": { "type": "integer" }, "cve_last_modified_epoch": { "type": "integer" } }, "required": [] }, "revision": { "type": "string" } }, "required": [] }, "resolution": { "type": "array", "items": [ { "type": "object", "properties": { "product_id": { "type": "integer" }, "signature_ids": { "type": "array", "items": { "type": "number" } }, "product_name": { "type": "string" }, "text": { "type": "string" }, "advisory_url": { "type": "string" }, "higher_than_version": { "type": "string" }, "higher_than_or_equal_to_version": { "type": "string" } }, "required": [] } ] }, "opswat_product_info": { "type": "array", "items": [ { "type": "object", "properties": { "product": { "type": "object", "properties": { "name": { "type": "string" }, "id": { "type": "integer" } }, "required": [] }, "ranges": { "type": "array", "items": [ { "type": "object", "properties": { "start": { "type": "string" }, "limit": { "type": "string" } }, "required": [] } ] }, "vendor": { 
"type": "object", "properties": { "id": { "type": "integer" }, "name": { "type": "string" } }, "required": [] } }, "required": [] }, { "type": "object", "properties": { "product": { "type": "object", "properties": { "name": { "type": "string" }, "id": { "type": "integer" } }, "required": [] }, "ranges": { "type": "array", "items": [ { "type": "object", "properties": { "start": { "type": "string" }, "limit": { "type": "string" } }, "required": [] } ] }, "vendor": { "type": "object", "properties": { "id": { "type": "integer" }, "name": { "type": "string" } }, "required": [] } }, "required": [] } ] }, "description": { "type": "string" } }, "required": [ "cve", "published_epoch", "last_modified_epoch", "references", "cvss_2_0", "severity_index", "severity", "vulnerable_software_list", "description" ] } } } } } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.get.cves.bulk" } }, "/nebula/v1/cve": { "post": { "description": "Search CVE.", "summary": "Search CVE", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search assets cve request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "account_name": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. 
Search for the matches that contain the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the matches that are not equal to the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. 
Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. 
Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias.keyword. 
Search for the matches that contain the value" }, "not.alias": { "type": "string", "title": "Filter the search by not.alias. Search for the matches that are not equal to the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by not.alias.keyword. Search for the matches that do not contain the value" }, "sort_name": { "type": "string", "title": "Filter the search by sort_name. Search for an exact match" }, "sort_name.keyword": { "type": "string", "title": "Filter the search by sort_name.keyword. Search for the matches that contain the value" }, "not.sort_name": { "type": "string", "title": "Filter the search by not.sort_name. Search for the matches that are not equal to the value" }, "not.sort_name.keyword": { "type": "string", "title": "Filter the search by not.sort_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor.keyword. Search for the matches that contain the value" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by not.normalized_vendor. Search for the matches that are not equal to the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by not.normalized_vendor.keyword. 
Search for the matches that do not contain the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor.keyword. Search for the matches that contain the value" }, "not.display_vendor": { "type": "string", "title": "Filter the search by not.display_vendor. Search for the matches that are not equal to the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by not.display_vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. Search for an exact match" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product.keyword. Search for the matches that contain the value" }, "not.normalized_product": { "type": "string", "title": "Filter the search by not.normalized_product. Search for the matches that are not equal to the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by not.normalized_product.keyword. Search for the matches that do not contain the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. 
Search for an exact match" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product.keyword. Search for the matches that contain the value" }, "not.display_product": { "type": "string", "title": "Filter the search by not.display_product. Search for the matches that are not equal to the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by not.display_product.keyword. Search for the matches that do not contain the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version.keyword. Search for the matches that contain the value" }, "not.installed_version": { "type": "string", "title": "Filter the search by not.installed_version. Search for the matches that are not equal to the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by not.installed_version.keyword. Search for the matches that do not contain the value" }, "normalized_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version.keyword. Search for the matches that contain the value" }, "not.normalized_installed_version": { "type": "string", "title": "Filter the search by not.normalized_installed_version. Search for the matches that are not equal to the value" }, "not.normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by not.normalized_installed_version.keyword. Search for the matches that do not contain the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. 
Search for an exact match" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version.keyword. Search for the matches that contain the value" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by not.display_installed_version. Search for the matches that are not equal to the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by not.display_installed_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. 
Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "cve_id": { "type": "string", "title": "Filter the search by cve_id. 
Search for an exact match" }, "cve_id.keyword": { "type": "string", "title": "Filter the search by cve_id.keyword. Search for the matches that contain the value" }, "not.cve_id": { "type": "string", "title": "Filter the search by not.cve_id. Search for the matches that are not equal to the value" }, "not.cve_id.keyword": { "type": "string", "title": "Filter the search by not.cve_id.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "document_id": { "type": "string", "title": "Filter with document_id" }, "document_id.keyword": { "type": "string", "title": "Filter with document_id.keyword" }, "cisa_exploitable": { "type": "boolean", "title": "Filter the search by cisa_exploitable. Search for an exact match" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "Filter the search by known_ransomware_campaign_use. Search for an exact match" }, "severity_score": { "type": "number", "title": "Filter the search by severity_score. Search for an exact match" }, "severity_score_lt": { "type": "number", "title": "Filter the search by severity_score_lt. Search for the documents that are less than the value" }, "severity_score_lte": { "type": "number", "title": "Filter the search by severity_score_lte. Search for the documents that are less than or equal to the value" }, "severity_score_gt": { "type": "number", "title": "Filter the search by severity_score_gt. 
Search for the documents that are greater than the value" }, "severity_score_gte": { "type": "number", "title": "Filter the search by severity_score_gte. Search for the documents that are greater than or equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_before. Search for an exact match" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_after. Search for an exact match" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_before. Search for an exact match" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_after. Search for an exact match" }, "published_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_before. Search for an exact match" }, "published_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_after. Search for an exact match" }, "cvss20_score": { "type": "number", "title": "Filter the search by cvss20_score. Search for an exact match of the integer value" }, "cvss20_score_lt": { "type": "number", "title": "Filter the search by cvss20_score_lt. Search for the documents that are less than the value" }, "cvss20_score_lte": { "type": "number", "title": "Filter the search by cvss20_score_lte. Search for the documents that are less than or equal to the value" }, "cvss20_score_gt": { "type": "number", "title": "Filter the search by cvss20_score_gt. Search for the documents that are greater than the value" }, "cvss20_score_gte": { "type": "number", "title": "Filter the search by cvss20_score_gte. Search for the documents that are greater than or equal to the value" }, "cvss30_score": { "type": "number", "title": "Filter the search by cvss30_score. 
Search for an exact match of the integer value" }, "cvss30_score_lt": { "type": "number", "title": "Filter the search by cvss30_score_lt. Search for the documents that are less than the value" }, "cvss30_score_lte": { "type": "number", "title": "Filter the search by cvss30_score_lte. Search for the documents that are less than or equal to the value" }, "cvss30_score_gt": { "type": "number", "title": "Filter the search by cvss30_score_gt. Search for the documents that are greater than the value" }, "cvss30_score_gte": { "type": "number", "title": "Filter the search by cvss30_score_gte. Search for the documents that are greater than or equal to the value" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "architecture": { "type": "string", "title": "Filter the search by software architecture. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by software language. Search for an exact match" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. 
Search for an exact match" }, "name_multi_search": { "type": "string", "title": "Filter with aliases" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "group_name", "domain_name", "supports_update" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search assets CVE result", "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "normalized_vendor": { "type": "string" }, "display_vendor": { "type": "string" }, "product": { "type": "string" }, "normalized_product": { "type": "string" }, "display_product": { "type": "string" }, "installed_version": { "type": "string" }, "normalized_installed_version": { "type": "string" }, "display_installed_version": { "type": "string" }, "installation_date": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { 
"type": "string" }, "alias": { "type": "string" }, "created_at": { "type": "string" }, "os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, "os_release_name": { "type": "string" } } }, "cve_id": { "type": "string" }, "cisa_exploitable": { "type": "boolean" }, "known_ransomware_campaign_use": { "type": "boolean" }, "severity": { "type": "string" }, "severity_score": { "type": "number" }, "published_at": { "type": "string" }, "cvss30_score": { "type": "number" }, "cvss20_score": { "type": "number" }, "description": { "type": "string" } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.search.cve" } }, "/nebula/v1/cve/search-groupby": { "post": { "description": "Search CVE grouped by a specific field.", "summary": "Search CVE groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post CVE Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "allOf": [ { "type": "object", "title": "Search assets cve request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "account_name": { "type": "string", "title": "Filter the search by account_name. Search for an exact match" }, "account_name.keyword": { "type": "string", "title": "Filter the search by account_name.keyword. Search for the matches that contain the value" }, "not.account_name": { "type": "string", "title": "Filter the search by not.account_name. Search for the matches that are not equal to the value" }, "not.account_name.keyword": { "type": "string", "title": "Filter the search by not.account_name.keyword. Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. 
Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. 
Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. 
Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "alias": { "type": "string", "title": "Filter the search by alias. Search for an exact match" }, "alias.keyword": { "type": "string", "title": "Filter the search by alias.keyword. Search for the matches that contain the value" }, "not.alias": { "type": "string", "title": "Filter the search by not.alias. Search for the matches that are not equal to the value" }, "not.alias.keyword": { "type": "string", "title": "Filter the search by not.alias.keyword. Search for the matches that do not contain the value" }, "sort_name": { "type": "string", "title": "Filter the search by sort_name. Search for an exact match" }, "sort_name.keyword": { "type": "string", "title": "Filter the search by sort_name.keyword. Search for the matches that contain the value" }, "not.sort_name": { "type": "string", "title": "Filter the search by not.sort_name. Search for the matches that are not equal to the value" }, "not.sort_name.keyword": { "type": "string", "title": "Filter the search by not.sort_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. 
Search for the matches that do not contain the value" }, "normalized_vendor": { "type": "string", "title": "Filter the search by normalized_vendor. Search for an exact match" }, "normalized_vendor.keyword": { "type": "string", "title": "Filter the search by normalized_vendor.keyword. Search for the matches that contain the value" }, "not.normalized_vendor": { "type": "string", "title": "Filter the search by not.normalized_vendor. Search for the matches that are not equal to the value" }, "not.normalized_vendor.keyword": { "type": "string", "title": "Filter the search by not.normalized_vendor.keyword. Search for the matches that do not contain the value" }, "display_vendor": { "type": "string", "title": "Filter the search by display_vendor. Search for an exact match" }, "display_vendor.keyword": { "type": "string", "title": "Filter the search by display_vendor.keyword. Search for the matches that contain the value" }, "not.display_vendor": { "type": "string", "title": "Filter the search by not.display_vendor. Search for the matches that are not equal to the value" }, "not.display_vendor.keyword": { "type": "string", "title": "Filter the search by not.display_vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "normalized_product": { "type": "string", "title": "Filter the search by normalized_product. 
Search for an exact match" }, "normalized_product.keyword": { "type": "string", "title": "Filter the search by normalized_product.keyword. Search for the matches that contain the value" }, "not.normalized_product": { "type": "string", "title": "Filter the search by not.normalized_product. Search for the matches that are not equal to the value" }, "not.normalized_product.keyword": { "type": "string", "title": "Filter the search by not.normalized_product.keyword. Search for the matches that do not contain the value" }, "display_product": { "type": "string", "title": "Filter the search by display_product. Search for an exact match" }, "display_product.keyword": { "type": "string", "title": "Filter the search by display_product.keyword. Search for the matches that contain the value" }, "not.display_product": { "type": "string", "title": "Filter the search by not.display_product. Search for the matches that are not equal to the value" }, "not.display_product.keyword": { "type": "string", "title": "Filter the search by not.display_product.keyword. Search for the matches that do not contain the value" }, "installed_version": { "type": "string", "title": "Filter the search by installed_version. Search for an exact match" }, "installed_version.keyword": { "type": "string", "title": "Filter the search by installed_version.keyword. Search for the matches that contain the value" }, "not.installed_version": { "type": "string", "title": "Filter the search by not.installed_version. Search for the matches that are not equal to the value" }, "not.installed_version.keyword": { "type": "string", "title": "Filter the search by not.installed_version.keyword. Search for the matches that do not contain the value" }, "normalized_installed_version": { "type": "string", "title": "Filter the search by normalized_installed_version. Search for an exact match" }, "normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by normalized_installed_version.keyword. 
Search for the matches that contain the value" }, "not.normalized_installed_version": { "type": "string", "title": "Filter the search by not.normalized_installed_version. Search for the matches that are not equal to the value" }, "not.normalized_installed_version.keyword": { "type": "string", "title": "Filter the search by not.normalized_installed_version.keyword. Search for the matches that do not contain the value" }, "display_installed_version": { "type": "string", "title": "Filter the search by display_installed_version. Search for an exact match" }, "display_installed_version.keyword": { "type": "string", "title": "Filter the search by display_installed_version.keyword. Search for the matches that contain the value" }, "not.display_installed_version": { "type": "string", "title": "Filter the search by not.display_installed_version. Search for the matches that are not equal to the value" }, "not.display_installed_version.keyword": { "type": "string", "title": "Filter the search by not.display_installed_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "cve_id": { "type": "string", "title": "Filter the search by cve_id. Search for an exact match" }, "cve_id.keyword": { "type": "string", "title": "Filter the search by cve_id.keyword. Search for the matches that contain the value" }, "not.cve_id": { "type": "string", "title": "Filter the search by not.cve_id. Search for the matches that are not equal to the value" }, "not.cve_id.keyword": { "type": "string", "title": "Filter the search by not.cve_id.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "document_id": { "type": "string", "title": "Filter with document_id" }, "document_id.keyword": { "type": "string", "title": "Filter with document_id.keyword" }, "cisa_exploitable": { "type": "boolean", "title": "Filter the search by cisa_exploitable. Search for an exact match" }, "known_ransomware_campaign_use": { "type": "boolean", "title": "Filter the search by known_ransomware_campaign_use. Search for an exact match" }, "severity_score": { "type": "number", "title": "Filter the search by severity_score. 
Search for an exact match" }, "severity_score_lt": { "type": "number", "title": "Filter the search by severity_score_lt. Search for the documents that are less than the value" }, "severity_score_lte": { "type": "number", "title": "Filter the search by severity_score_lte. Search for the documents that are less than or equal to the value" }, "severity_score_gt": { "type": "number", "title": "Filter the search by severity_score_gt. Search for the documents that are greater than the value" }, "severity_score_gte": { "type": "number", "title": "Filter the search by severity_score_gte. Search for the documents that are greater than or equal to the value" }, "installation_date_before": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_before. Search for an exact match" }, "installation_date_after": { "type": "string", "format": "date-time", "title": "Filter the search by installation_date_after. Search for an exact match" }, "created_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_before. Search for an exact match" }, "created_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by created_at_after. Search for an exact match" }, "published_at_before": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_before. Search for an exact match" }, "published_at_after": { "type": "string", "format": "date-time", "title": "Filter the search by published_at_after. Search for an exact match" }, "cvss20_score": { "type": "number", "title": "Filter the search by cvss20_score. Search for an exact match of the integer value" }, "cvss20_score_lt": { "type": "number", "title": "Filter the search by cvss20_score_lt. Search for the documents that are less than the value" }, "cvss20_score_lte": { "type": "number", "title": "Filter the search by cvss20_score_lte. 
Search for the documents that are less than or equal to the value" }, "cvss20_score_gt": { "type": "number", "title": "Filter the search by cvss20_score_gt. Search for the documents that are greater than the value" }, "cvss20_score_gte": { "type": "number", "title": "Filter the search by cvss20_score_gte. Search for the documents that are greater than or equal to the value" }, "cvss30_score": { "type": "number", "title": "Filter the search by cvss30_score. Search for an exact match of the integer value" }, "cvss30_score_lt": { "type": "number", "title": "Filter the search by cvss30_score_lt. Search for the documents that are less than the value" }, "cvss30_score_lte": { "type": "number", "title": "Filter the search by cvss30_score_lte. Search for the documents that are less than or equal to the value" }, "cvss30_score_gt": { "type": "number", "title": "Filter the search by cvss30_score_gt. Search for the documents that are greater than the value" }, "cvss30_score_gte": { "type": "number", "title": "Filter the search by cvss30_score_gte. Search for the documents that are greater than or equal to the value" }, "product_signature": { "type": "number", "title": "Filter the search by product_signature. Search for an exact match" }, "latest_version_available": { "type": "string", "title": "Filter the search by latest_version_available. Search for an exact match" }, "architecture": { "type": "string", "title": "Filter the search by software architecture. Search for an exact match" }, "language": { "type": "string", "title": "Filter the search by software language. Search for an exact match" }, "supports_update": { "type": "boolean", "title": "Filter the search by supports_update. 
Search for an exact match" }, "name_multi_search": { "type": "string", "title": "Filter with aliases" }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "group_name", "domain_name", "supports_update" ] }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ], "properties": { "group_by": { "type": "string", "title": "The groupBy Schema", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_type", "os_version", "os_platform", "os_architecture", "os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "cvss20_score", "cvss30_score", "domain_name" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post CVE Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": "string", "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "fully_qualified_host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "tags": { "type": "object", "additionalProperties": true, "title": "The tags Schema (only for machine_id aggregation)" }, "account_id": { "type": "string", "title": "The account_id Schema (only for machine_id aggregation)" }, "group_name": { "type": "string", "title": "The group name Schema (only for group_id aggregation)" }, "account_name": { "type": "string", "title": "The account_name Schema (only for account_id aggregation)" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Vulnerability Management" ], "operationId": "api.nebula.search.cve.group" } }, "/nebula/v1/dns/export": { "post": { "description": "Export DNS data. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. The constraints accepted are the same accepted by the search assets software route. 
Refer to [Search DNS API](#operation/api.nebula.search.dns) for more information about the constraints accepted. |\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n## Examples\n\n### Download CSV file\n\nA request with this body sent by a browser will download a file called `nameofthefile.csv`, displaying a table with columns: `accountId`, `groupId`, `groupName`, `Domain`, `IP_address` for all the DNS logs of machine_id `1514cd0a-2ef3-4db3-b8a4-c89894d9aa34`:\n\n```json\n{\n \"groups\": [\n { \"machine_id\": \"1514cd0a-2ef3-4db3-b8a4-c89894d9aa34\" }\n ],\n \"format\": \"csv\",\n \"type\": \"string\",\n \"filename\": \"nameofthefile\",\n \"download\": true,\n \"select\": [\n {\"field\": \"account_id\", \"newField\": \"accountId\"},\n {\"field\": \"group_id\", \"newField\": \"groupId\"},\n {\"field\": \"group_name\", \"newField\": \"groupName\"},\n {\"field\": \"log.query_name\", \"newField\": \"Domain\"},\n {\"field\": \"log.dst_ip\", \"newField\": \"IP_address\"}\n ]\n}\n```\n", "summary": "Export DNS Log data", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "rule_id", "rule_name", "resolved_ips", "machine_id", "group_id", "group_name", "account_name", "machine_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", 
"agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch DNS Logs", "allOf": [ { "type": "object", "title": "Search DNS Logs request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "allOf": [ { "type": "object", "title": "Agent constraints", "description": "The Agents constraints.", "properties": { "nics.mac_address": { "type": "string", "title": "nics.mac_address" }, "not.nics.mac_address": { "type": "string", "title": "not.nics.mac_address" }, "nics.mac_address.keyword": { "type": "string", "title": "nics.mac_address.keyword" }, "not.nics.mac_address.keyword": { "type": "string", "title": "not.nics.mac_address.keyword" }, "nics.description": { "type": "string", "title": "nics.description" }, "not.nics.description": { "type": "string", "title": "not.nics.description" }, "nics.description.keyword": { "type": "string", "title": "nics.description.keyword" }, "not.nics.description.keyword": { "type": "string", "title": "not.nics.description.keyword" }, "os_info.os_type": { "type": "string", "title": "os_info.os_type" }, "not.os_info.os_type": { "type": "string", "title": "not.os_info.os_type" }, "os_info.os_type.keyword": { "type": "string", "title": "os_info.os_type.keyword" }, "not.os_info.os_type.keyword": { "type": "string", "title": "not.os_info.os_type.keyword" }, "os_info.os_version": { "type": "string", "title": "os_info.os_version" }, "not.os_info.os_version": { "type": "string", 
"title": "not.os_info.os_version" }, "os_info.os_version.keyword": { "type": "string", "title": "os_info.os_version.keyword" }, "not.os_info.os_version.keyword": { "type": "string", "title": "not.os_info.os_version.keyword" }, "os_info.os_platform": { "type": "string", "title": "os_info.os_platform" }, "not.os_info.os_platform": { "type": "string", "title": "not.os_info.os_platform" }, "os_info.os_platform.keyword": { "type": "string", "title": "os_info.os_platform.keyword" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "not.os_info.os_platform.keyword" }, "os_info.os_architecture": { "type": "string", "title": "os_info.os_architecture" }, "not.os_info.os_architecture": { "type": "string", "title": "not.os_info.os_architecture" }, "os_info.os_architecture.keyword": { "type": "string", "title": "os_info.os_architecture.keyword" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "not.os_info.os_architecture.keyword" }, "os_info.os_release_name": { "type": "string", "title": "os_info.os_release_name" }, "not.os_info.os_release_name": { "type": "string", "title": "not.os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "os_info.os_release_name.keyword" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "not.os_info.os_release_name.keyword" }, "host_name": { "type": "string", "title": "host_name" }, "not.host_name": { "type": "string", "title": "not.host_name" }, "host_name.keyword": { "type": "string", "title": "host_name.keyword" }, "not.host_name.keyword": { "type": "string", "title": "not.host_name.keyword" }, "fully_qualified_host_name": { "type": "string", "title": "fully_qualified_host_name" }, "not.fully_qualified_host_name": { "type": "string", "title": "not.fully_qualified_host_name" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "fully_qualified_host_name.keyword" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": 
"not.fully_qualified_host_name.keyword" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "plugins.asset_manager.plugin_version" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "not.plugins.asset_manager.plugin_version" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "plugins.asset_manager.plugin_version.keyword" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "not.plugins.asset_manager.plugin_version.keyword" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "plugins.asset_manager.reboot_reasons" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "plugins.asset_manager.reboot_reasons.keyword" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons.keyword" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "plugins.endpoint_protection.plugin_version" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.plugin_version.keyword" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version.keyword" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "plugins.endpoint_protection.sdk_version" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.sdk_version.keyword" }, "not.plugins.endpoint_protection.sdk_version.keyword": { 
"type": "string", "title": "not.plugins.endpoint_protection.sdk_version.keyword" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "plugins.endpoint_protection.component_package_version" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.component_package_version.keyword" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version.keyword" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "plugins.endpoint_protection.update_package_version" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.update_package_version.keyword" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version.keyword" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons.keyword" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons.keyword" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version" 
}, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version.keyword" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version.keyword" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "plugins.incident_response.plugin_version" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "not.plugins.incident_response.plugin_version" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "plugins.incident_response.plugin_version.keyword" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.incident_response.plugin_version.keyword" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "plugins.incident_response.reboot_reasons" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": 
"plugins.incident_response.reboot_reasons.keyword" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons.keyword" }, "plugins.siem.plugin_version": { "type": "string", "title": "plugins.siem.plugin_version" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "not.plugins.siem.plugin_version" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "plugins.siem.plugin_version.keyword" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "not.plugins.siem.plugin_version.keyword" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version.keyword" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version.keyword" }, "plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons" }, "not.plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons" }, "plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons.keyword" }, "not.plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons.keyword" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "plugins.siem.reboot_reasons" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": 
"not.plugins.siem.reboot_reasons" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "plugins.siem.reboot_reasons.keyword" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.siem.reboot_reasons.keyword" }, "engine_version": { "type": "string", "title": "engine_version" }, "not.engine_version": { "type": "string", "title": "not.engine_version" }, "engine_version.keyword": { "type": "string", "title": "engine_version.keyword" }, "not.engine_version.keyword": { "type": "string", "title": "not.engine_version.keyword" }, "domain_name": { "type": "string", "title": "domain_name" }, "not.domain_name": { "type": "string", "title": "not.domain_name" }, "domain_name.keyword": { "type": "string", "title": "domain_name.keyword" }, "not.domain_name.keyword": { "type": "string", "title": "not.domain_name.keyword" }, "policy_etag": { "type": "string", "title": "policy_etag" }, "not.policy_etag": { "type": "string", "title": "not.policy_etag" }, "policy_etag.keyword": { "type": "string", "title": "policy_etag.keyword" }, "not.policy_etag.keyword": { "type": "string", "title": "not.policy_etag.keyword" }, "last_user": { "type": "string", "title": "last_user" }, "not.last_user": { "type": "string", "title": "not.last_user" }, "last_user.keyword": { "type": "string", "title": "last_user.keyword" }, "not.last_user.keyword": { "type": "string", "title": "not.last_user.keyword" }, "serial_number": { "type": "string", "title": "serial_number" }, "not.serial_number": { "type": "string", "title": "not.serial_number" }, "serial_number.keyword": { "type": "string", "title": "serial_number.keyword" }, "not.serial_number.keyword": { "type": "string", "title": "not.serial_number.keyword" } } } ], "properties": { "id": { "type": "string", "title": "Filter the search by DNS event id. Search for an exact match" }, "not.id": { "type": "string", "title": "Filter the search by not.id. 
Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that doesnt contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that doesnt contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that doesnt contain the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for an exact match" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. 
Search for the matches that contain the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the matches that are not equal to the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the matches that doesnt contain the value" }, "rule_name": { "type": "string", "title": "Filter the search by rule_name. Search for an exact match" }, "rule_name.keyword": { "type": "string", "title": "Filter the search by rule_name.keyword. Search for the matches that contain the value" }, "not.rule_name": { "type": "string", "title": "Filter the search by not.rule_name. Search for the matches that are not equal to the value" }, "not.rule_name.keyword": { "type": "string", "title": "Filter the search by not.rule_name.keyword. Search for the matches that doesnt contain the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for an exact match" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the matches that contain the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the matches that are not equal to the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the matches that doesnt contain the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for an exact match" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the matches that contain the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the matches that are not equal to the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. 
Search for the matches that doesnt contain the value" }, "account_id": { "type": "string", "title": "Filter the search by account_id. Search for an exact match" }, "account_id.keyword": { "type": "string", "title": "Filter the search by account_id.keyword. Search for the matches that contain the value" }, "not.account_id": { "type": "string", "title": "Filter the search by not.account_id. Search for the matches that are not equal to the value" }, "not.account_id.keyword": { "type": "string", "title": "Filter the search by not.account_id.keyword. Search for the matches that doesnt contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that doesnt contain the value" }, "action": { "type": "string", "title": "Filter the search by action. Search for an exact match" }, "action.keyword": { "type": "string", "title": "Filter the search by action.keyword. Search for the matches that contain the value" }, "not.action": { "type": "string", "title": "Filter the search by not.action. Search for the matches that are not equal to the value" }, "not.action.keyword": { "type": "string", "title": "Filter the search by not.action.keyword. Search for the matches that doesnt contain the value" }, "log.policy_id": { "type": "string", "title": "Filter the search by log.policy_id. Search for an exact match" }, "log.policy_id.keyword": { "type": "string", "title": "Filter the search by log.policy_id.keyword. 
Search for the matches that contain the value" }, "not.log.policy_id": { "type": "string", "title": "Filter the search by not.log.policy_id. Search for the matches that are not equal to the value" }, "not.log.policy_id.keyword": { "type": "string", "title": "Filter the search by not.log.policy_id.keyword. Search for the matches that doesnt contain the value" }, "log.policy": { "type": "string", "title": "Filter the search by log.policy. Search for an exact match" }, "log.policy.keyword": { "type": "string", "title": "Filter the search by log.policy.keyword. Search for the matches that contain the value" }, "not.log.policy": { "type": "string", "title": "Filter the search by not.log.policy. Search for the matches that are not equal to the value" }, "not.log.policy.keyword": { "type": "string", "title": "Filter the search by not.log.policy.keyword. Search for the matches that doesnt contain the value" }, "log.protocol": { "type": "string", "title": "Filter the search by log.protocol. Search for an exact match" }, "log.protocol.keyword": { "type": "string", "title": "Filter the search by log.protocol.keyword. Search for the matches that contain the value" }, "not.log.protocol": { "type": "string", "title": "Filter the search by not.log.protocol. Search for the matches that are not equal to the value" }, "not.log.protocol.keyword": { "type": "string", "title": "Filter the search by not.log.protocol.keyword. Search for the matches that doesnt contain the value" }, "log.query_name": { "type": "string", "title": "Filter the search by log.query_name. Search for an exact match" }, "log.query_name.keyword": { "type": "string", "title": "Filter the search by log.query_name.keyword. Search for the matches that contain the value" }, "not.log.query_name": { "type": "string", "title": "Filter the search by not.log.query_name. 
Search for the matches that are not equal to the value" }, "not.log.query_name.keyword": { "type": "string", "title": "Filter the search by not.log.query_name.keyword. Search for the matches that doesnt contain the value" }, "log.query_name_reversed": { "type": "string", "title": "Filter the search by log.query_name_reversed. Search for an exact match" }, "log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by log.query_name_reversed.keyword. Search for the matches that contain the value" }, "not.log.query_name_reversed": { "type": "string", "title": "Filter the search by not.log.query_name_reversed. Search for the matches that are not equal to the value" }, "not.log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by not.log.query_name_reversed.keyword. Search for the matches that doesnt contain the value" }, "log.resolver_decision": { "type": "string", "title": "Filter the search by log.resolver_decision. Search for an exact match" }, "log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by log.resolver_decision.keyword. Search for the matches that contain the value" }, "not.log.resolver_decision": { "type": "string", "title": "Filter the search by not.log.resolver_decision. Search for the matches that are not equal to the value" }, "not.log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by not.log.resolver_decision.keyword. Search for the matches that doesnt contain the value" }, "log.user_id": { "type": "string", "title": "Filter the search by log.user_id. Search for an exact match" }, "log.user_id.keyword": { "type": "string", "title": "Filter the search by log.user_id.keyword. Search for the matches that contain the value" }, "not.log.user_id": { "type": "string", "title": "Filter the search by not.log.user_id. 
Search for the matches that are not equal to the value" }, "not.log.user_id.keyword": { "type": "string", "title": "Filter the search by not.log.user_id.keyword. Search for the matches that doesnt contain the value" }, "log.colo_id": { "type": "number", "title": "Filter the search by log.colo_id. Search for an exact match of the integer value" }, "log.colo_id_lt": { "type": "number", "title": "Filter the search by log.colo_id_lt. Search for the documents that are less than the value" }, "log.colo_id_lte": { "type": "number", "title": "Filter the search by log.colo_id_lte. Search for the documents that are less or equal than the value" }, "log.colo_id_gt": { "type": "number", "title": "Filter the search by log.colo_id_gt. Search for the documents that are greater than the value" }, "log.colo_id_gte": { "type": "number", "title": "Filter the search by log.colo_id_gte. Search for the documents that are greater or equal than the value" }, "log.dst_port": { "type": "number", "title": "Filter the search by log.dst_port. Search for an exact match of the integer value" }, "log.dst_port_lt": { "type": "number", "title": "Filter the search by log.dst_port_lt. Search for the documents that are less than the value" }, "log.dst_port_lte": { "type": "number", "title": "Filter the search by log.dst_port_lte. Search for the documents that are less or equal than the value" }, "log.dst_port_gt": { "type": "number", "title": "Filter the search by log.dst_port_gt. Search for the documents that are greater than the value" }, "log.dst_port_gte": { "type": "number", "title": "Filter the search by log.dst_port_gte. Search for the documents that are greater or equal than the value" }, "log.query_category_ids": { "type": "array", "items": { "type": "number" }, "title": "Filter the search by log.query_category_ids. Search for an exact match of the integer value" }, "log.query_size": { "type": "number", "title": "Filter the search by log.query_size. 
Search for an exact match of the integer value" }, "log.query_size_lt": { "type": "number", "title": "Filter the search by log.query_size_lt. Search for the documents that are less than the value" }, "log.query_size_lte": { "type": "number", "title": "Filter the search by log.query_size_lte. Search for the documents that are less or equal than the value" }, "log.query_size_gt": { "type": "number", "title": "Filter the search by log.query_size_gt. Search for the documents that are greater than the value" }, "log.query_size_gte": { "type": "number", "title": "Filter the search by log.query_size_gte. Search for the documents that are greater or equal than the value" }, "log.query_type": { "type": "number", "title": "Filter the search by log.query_type. Search for an exact match of the integer value" }, "log.query_type_lt": { "type": "number", "title": "Filter the search by log.query_type_lt. Search for the documents that are less than the value" }, "log.query_type_lte": { "type": "number", "title": "Filter the search by log.query_type_lte. Search for the documents that are less or equal than the value" }, "log.query_type_gt": { "type": "number", "title": "Filter the search by log.query_type_gt. Search for the documents that are greater than the value" }, "log.query_type_gte": { "type": "number", "title": "Filter the search by log.query_type_gte. Search for the documents that are greater or equal than the value" }, "log.src_port": { "type": "number", "title": "Filter the search by log.src_port. Search for an exact match of the integer value" }, "log.src_port_lt": { "type": "number", "title": "Filter the search by log.src_port_lt. Search for the documents that are less than the value" }, "log.src_port_lte": { "type": "number", "title": "Filter the search by log.src_port_lte. Search for the documents that are less or equal than the value" }, "log.src_port_gt": { "type": "number", "title": "Filter the search by log.src_port_gt. 
Search for the documents that are greater than the value" }, "log.src_port_gte": { "type": "number", "title": "Filter the search by log.src_port_gte. Search for the documents that are greater or equal than the value" }, "log.datetime_before": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_before. Search for the documents that are after the given timestamp" }, "log.datetime_after": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_after. " }, "timestamp_before": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_before. Search for the documents that are after the given timestamp" }, "timestamp_after": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_after. " }, "log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.dst_ip. Search for an exact match" }, "not.log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.dst_ip. Search for the matches that are not equal to the value" }, "log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.src_ip. Search for an exact match" }, "not.log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.src_ip. Search for the matches that are not equal to the value" }, "resolved_ips": { "type": "string", "title": "Filter the search by resolved_ips. Search for an exact match" }, "not.resolved_ips": { "type": "string", "title": "Filter the search by not.resolved_ips. 
Search for the matches that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] }, "populate": { "type": "object", "title": "Populate object schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "DNS Logs" ], "operationId": "api.nebula.post.export.dns" } }, "/nebula/v1/dns/export/async": { "post": { "description": "Export DNS Log data asynchronously.", "summary": "Export DNS Log data asynchronously", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "rule_id", "rule_name", "resolved_ips", "machine_id", "group_id", "group_name", "account_name", "machine_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": 
"Query to fetch DNS Logs", "allOf": [ { "type": "object", "title": "Search DNS Logs request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "allOf": [ { "type": "object", "title": "Agent constraints", "description": "The Agents constraints.", "properties": { "nics.mac_address": { "type": "string", "title": "nics.mac_address" }, "not.nics.mac_address": { "type": "string", "title": "not.nics.mac_address" }, "nics.mac_address.keyword": { "type": "string", "title": "nics.mac_address.keyword" }, "not.nics.mac_address.keyword": { "type": "string", "title": "not.nics.mac_address.keyword" }, "nics.description": { "type": "string", "title": "nics.description" }, "not.nics.description": { "type": "string", "title": "not.nics.description" }, "nics.description.keyword": { "type": "string", "title": "nics.description.keyword" }, "not.nics.description.keyword": { "type": "string", "title": "not.nics.description.keyword" }, "os_info.os_type": { "type": "string", "title": "os_info.os_type" }, "not.os_info.os_type": { "type": "string", "title": "not.os_info.os_type" }, "os_info.os_type.keyword": { "type": "string", "title": "os_info.os_type.keyword" }, "not.os_info.os_type.keyword": { "type": "string", "title": "not.os_info.os_type.keyword" }, "os_info.os_version": { "type": "string", "title": "os_info.os_version" }, "not.os_info.os_version": { "type": "string", "title": "not.os_info.os_version" }, "os_info.os_version.keyword": { "type": "string", "title": "os_info.os_version.keyword" }, "not.os_info.os_version.keyword": { "type": "string", "title": "not.os_info.os_version.keyword" }, "os_info.os_platform": { "type": "string", "title": "os_info.os_platform" }, "not.os_info.os_platform": { "type": "string", "title": "not.os_info.os_platform" }, "os_info.os_platform.keyword": { "type": "string", "title": "os_info.os_platform.keyword" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "not.os_info.os_platform.keyword" }, 
"os_info.os_architecture": { "type": "string", "title": "os_info.os_architecture" }, "not.os_info.os_architecture": { "type": "string", "title": "not.os_info.os_architecture" }, "os_info.os_architecture.keyword": { "type": "string", "title": "os_info.os_architecture.keyword" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "not.os_info.os_architecture.keyword" }, "os_info.os_release_name": { "type": "string", "title": "os_info.os_release_name" }, "not.os_info.os_release_name": { "type": "string", "title": "not.os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "os_info.os_release_name.keyword" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "not.os_info.os_release_name.keyword" }, "host_name": { "type": "string", "title": "host_name" }, "not.host_name": { "type": "string", "title": "not.host_name" }, "host_name.keyword": { "type": "string", "title": "host_name.keyword" }, "not.host_name.keyword": { "type": "string", "title": "not.host_name.keyword" }, "fully_qualified_host_name": { "type": "string", "title": "fully_qualified_host_name" }, "not.fully_qualified_host_name": { "type": "string", "title": "not.fully_qualified_host_name" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "fully_qualified_host_name.keyword" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "not.fully_qualified_host_name.keyword" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "plugins.asset_manager.plugin_version" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "not.plugins.asset_manager.plugin_version" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "plugins.asset_manager.plugin_version.keyword" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "not.plugins.asset_manager.plugin_version.keyword" }, "plugins.asset_manager.reboot_reasons": { "type": 
"string", "title": "plugins.asset_manager.reboot_reasons" }, "not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "plugins.asset_manager.reboot_reasons.keyword" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons.keyword" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "plugins.endpoint_protection.plugin_version" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.plugin_version.keyword" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version.keyword" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "plugins.endpoint_protection.sdk_version" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.sdk_version.keyword" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version.keyword" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "plugins.endpoint_protection.component_package_version" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.component_package_version.keyword" }, 
"not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version.keyword" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "plugins.endpoint_protection.update_package_version" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.update_package_version.keyword" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version.keyword" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons.keyword" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons.keyword" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version.keyword" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version.keyword" }, 
"plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons" }, "not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "plugins.incident_response.plugin_version" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "not.plugins.incident_response.plugin_version" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "plugins.incident_response.plugin_version.keyword" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.incident_response.plugin_version.keyword" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "plugins.incident_response.reboot_reasons" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.incident_response.reboot_reasons.keyword" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons.keyword" }, "plugins.siem.plugin_version": { "type": "string", "title": "plugins.siem.plugin_version" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "not.plugins.siem.plugin_version" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "plugins.siem.plugin_version.keyword" }, 
"not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "not.plugins.siem.plugin_version.keyword" }, "plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version.keyword" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version.keyword" }, "plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons" }, "not.plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons" }, "plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons.keyword" }, "not.plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons.keyword" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "plugins.siem.reboot_reasons" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "not.plugins.siem.reboot_reasons" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "plugins.siem.reboot_reasons.keyword" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.siem.reboot_reasons.keyword" }, "engine_version": { "type": "string", "title": "engine_version" }, "not.engine_version": { "type": "string", "title": "not.engine_version" }, "engine_version.keyword": { "type": "string", "title": "engine_version.keyword" }, "not.engine_version.keyword": 
{ "type": "string", "title": "not.engine_version.keyword" }, "domain_name": { "type": "string", "title": "domain_name" }, "not.domain_name": { "type": "string", "title": "not.domain_name" }, "domain_name.keyword": { "type": "string", "title": "domain_name.keyword" }, "not.domain_name.keyword": { "type": "string", "title": "not.domain_name.keyword" }, "policy_etag": { "type": "string", "title": "policy_etag" }, "not.policy_etag": { "type": "string", "title": "not.policy_etag" }, "policy_etag.keyword": { "type": "string", "title": "policy_etag.keyword" }, "not.policy_etag.keyword": { "type": "string", "title": "not.policy_etag.keyword" }, "last_user": { "type": "string", "title": "last_user" }, "not.last_user": { "type": "string", "title": "not.last_user" }, "last_user.keyword": { "type": "string", "title": "last_user.keyword" }, "not.last_user.keyword": { "type": "string", "title": "not.last_user.keyword" }, "serial_number": { "type": "string", "title": "serial_number" }, "not.serial_number": { "type": "string", "title": "not.serial_number" }, "serial_number.keyword": { "type": "string", "title": "serial_number.keyword" }, "not.serial_number.keyword": { "type": "string", "title": "not.serial_number.keyword" } } } ], "properties": { "id": { "type": "string", "title": "Filter the search by DNS event id. Search for an exact match" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. 
Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for an exact match" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the matches that contain the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the matches that are not equal to the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the matches that do not contain the value" }, "rule_name": { "type": "string", "title": "Filter the search by rule_name. Search for an exact match" }, "rule_name.keyword": { "type": "string", "title": "Filter the search by rule_name.keyword. 
Search for the matches that contain the value" }, "not.rule_name": { "type": "string", "title": "Filter the search by not.rule_name. Search for the matches that are not equal to the value" }, "not.rule_name.keyword": { "type": "string", "title": "Filter the search by not.rule_name.keyword. Search for the matches that do not contain the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for an exact match" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the matches that contain the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the matches that are not equal to the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the matches that do not contain the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for an exact match" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the matches that contain the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the matches that are not equal to the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the matches that do not contain the value" }, "account_id": { "type": "string", "title": "Filter the search by account_id. Search for an exact match" }, "account_id.keyword": { "type": "string", "title": "Filter the search by account_id.keyword. Search for the matches that contain the value" }, "not.account_id": { "type": "string", "title": "Filter the search by not.account_id. Search for the matches that are not equal to the value" }, "not.account_id.keyword": { "type": "string", "title": "Filter the search by not.account_id.keyword. 
Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "action": { "type": "string", "title": "Filter the search by action. Search for an exact match" }, "action.keyword": { "type": "string", "title": "Filter the search by action.keyword. Search for the matches that contain the value" }, "not.action": { "type": "string", "title": "Filter the search by not.action. Search for the matches that are not equal to the value" }, "not.action.keyword": { "type": "string", "title": "Filter the search by not.action.keyword. Search for the matches that do not contain the value" }, "log.policy_id": { "type": "string", "title": "Filter the search by log.policy_id. Search for an exact match" }, "log.policy_id.keyword": { "type": "string", "title": "Filter the search by log.policy_id.keyword. Search for the matches that contain the value" }, "not.log.policy_id": { "type": "string", "title": "Filter the search by not.log.policy_id. Search for the matches that are not equal to the value" }, "not.log.policy_id.keyword": { "type": "string", "title": "Filter the search by not.log.policy_id.keyword. Search for the matches that do not contain the value" }, "log.policy": { "type": "string", "title": "Filter the search by log.policy. Search for an exact match" }, "log.policy.keyword": { "type": "string", "title": "Filter the search by log.policy.keyword. 
Search for the matches that contain the value" }, "not.log.policy": { "type": "string", "title": "Filter the search by not.log.policy. Search for the matches that are not equal to the value" }, "not.log.policy.keyword": { "type": "string", "title": "Filter the search by not.log.policy.keyword. Search for the matches that do not contain the value" }, "log.protocol": { "type": "string", "title": "Filter the search by log.protocol. Search for an exact match" }, "log.protocol.keyword": { "type": "string", "title": "Filter the search by log.protocol.keyword. Search for the matches that contain the value" }, "not.log.protocol": { "type": "string", "title": "Filter the search by not.log.protocol. Search for the matches that are not equal to the value" }, "not.log.protocol.keyword": { "type": "string", "title": "Filter the search by not.log.protocol.keyword. Search for the matches that do not contain the value" }, "log.query_name": { "type": "string", "title": "Filter the search by log.query_name. Search for an exact match" }, "log.query_name.keyword": { "type": "string", "title": "Filter the search by log.query_name.keyword. Search for the matches that contain the value" }, "not.log.query_name": { "type": "string", "title": "Filter the search by not.log.query_name. Search for the matches that are not equal to the value" }, "not.log.query_name.keyword": { "type": "string", "title": "Filter the search by not.log.query_name.keyword. Search for the matches that do not contain the value" }, "log.query_name_reversed": { "type": "string", "title": "Filter the search by log.query_name_reversed. Search for an exact match" }, "log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by log.query_name_reversed.keyword. Search for the matches that contain the value" }, "not.log.query_name_reversed": { "type": "string", "title": "Filter the search by not.log.query_name_reversed. 
Search for the matches that are not equal to the value" }, "not.log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by not.log.query_name_reversed.keyword. Search for the matches that do not contain the value" }, "log.resolver_decision": { "type": "string", "title": "Filter the search by log.resolver_decision. Search for an exact match" }, "log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by log.resolver_decision.keyword. Search for the matches that contain the value" }, "not.log.resolver_decision": { "type": "string", "title": "Filter the search by not.log.resolver_decision. Search for the matches that are not equal to the value" }, "not.log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by not.log.resolver_decision.keyword. Search for the matches that do not contain the value" }, "log.user_id": { "type": "string", "title": "Filter the search by log.user_id. Search for an exact match" }, "log.user_id.keyword": { "type": "string", "title": "Filter the search by log.user_id.keyword. Search for the matches that contain the value" }, "not.log.user_id": { "type": "string", "title": "Filter the search by not.log.user_id. Search for the matches that are not equal to the value" }, "not.log.user_id.keyword": { "type": "string", "title": "Filter the search by not.log.user_id.keyword. Search for the matches that do not contain the value" }, "log.colo_id": { "type": "number", "title": "Filter the search by log.colo_id. Search for an exact match of the integer value" }, "log.colo_id_lt": { "type": "number", "title": "Filter the search by log.colo_id_lt. Search for the documents that are less than the value" }, "log.colo_id_lte": { "type": "number", "title": "Filter the search by log.colo_id_lte. Search for the documents that are less than or equal to the value" }, "log.colo_id_gt": { "type": "number", "title": "Filter the search by log.colo_id_gt. 
Search for the documents that are greater than the value" }, "log.colo_id_gte": { "type": "number", "title": "Filter the search by log.colo_id_gte. Search for the documents that are greater than or equal to the value" }, "log.dst_port": { "type": "number", "title": "Filter the search by log.dst_port. Search for an exact match of the integer value" }, "log.dst_port_lt": { "type": "number", "title": "Filter the search by log.dst_port_lt. Search for the documents that are less than the value" }, "log.dst_port_lte": { "type": "number", "title": "Filter the search by log.dst_port_lte. Search for the documents that are less than or equal to the value" }, "log.dst_port_gt": { "type": "number", "title": "Filter the search by log.dst_port_gt. Search for the documents that are greater than the value" }, "log.dst_port_gte": { "type": "number", "title": "Filter the search by log.dst_port_gte. Search for the documents that are greater than or equal to the value" }, "log.query_category_ids": { "type": "array", "items": { "type": "number" }, "title": "Filter the search by log.query_category_ids. Search for an exact match of the integer value" }, "log.query_size": { "type": "number", "title": "Filter the search by log.query_size. Search for an exact match of the integer value" }, "log.query_size_lt": { "type": "number", "title": "Filter the search by log.query_size_lt. Search for the documents that are less than the value" }, "log.query_size_lte": { "type": "number", "title": "Filter the search by log.query_size_lte. Search for the documents that are less than or equal to the value" }, "log.query_size_gt": { "type": "number", "title": "Filter the search by log.query_size_gt. Search for the documents that are greater than the value" }, "log.query_size_gte": { "type": "number", "title": "Filter the search by log.query_size_gte. Search for the documents that are greater than or equal to the value" }, "log.query_type": { "type": "number", "title": "Filter the search by log.query_type. 
Search for an exact match of the integer value" }, "log.query_type_lt": { "type": "number", "title": "Filter the search by log.query_type_lt. Search for the documents that are less than the value" }, "log.query_type_lte": { "type": "number", "title": "Filter the search by log.query_type_lte. Search for the documents that are less than or equal to the value" }, "log.query_type_gt": { "type": "number", "title": "Filter the search by log.query_type_gt. Search for the documents that are greater than the value" }, "log.query_type_gte": { "type": "number", "title": "Filter the search by log.query_type_gte. Search for the documents that are greater than or equal to the value" }, "log.src_port": { "type": "number", "title": "Filter the search by log.src_port. Search for an exact match of the integer value" }, "log.src_port_lt": { "type": "number", "title": "Filter the search by log.src_port_lt. Search for the documents that are less than the value" }, "log.src_port_lte": { "type": "number", "title": "Filter the search by log.src_port_lte. Search for the documents that are less than or equal to the value" }, "log.src_port_gt": { "type": "number", "title": "Filter the search by log.src_port_gt. Search for the documents that are greater than the value" }, "log.src_port_gte": { "type": "number", "title": "Filter the search by log.src_port_gte. Search for the documents that are greater than or equal to the value" }, "log.datetime_before": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_before. Search for the documents that are after the given timestamp" }, "log.datetime_after": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_after. " }, "timestamp_before": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_before. 
Search for the documents that are after the given timestamp" }, "timestamp_after": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_after. " }, "log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.dst_ip. Search for an exact match" }, "not.log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.dst_ip. Search for the matches that are not equal to the value" }, "log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.src_ip. Search for an exact match" }, "not.log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.src_ip. Search for the matches that are not equal to the value" }, "resolved_ips": { "type": "string", "title": "Filter the search by resolved_ips. Search for an exact match" }, "not.resolved_ips": { "type": "string", "title": "Filter the search by not.resolved_ips. Search for the matches that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", 
"agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] }, "populate": { "type": "object", "title": "Populate object schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", 
"agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "DNS Logs" ], "operationId": "api.nebula.post.export.dns.async" } }, "/nebula/v1/dns": { "post": { "description": "Search DNS Logs.", "summary": "Search DNS Logs", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search DNS Logs request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "allOf": [ { "type": "object", "title": "Agent constraints", "description": "The Agents constraints.", "properties": { "nics.mac_address": { "type": "string", "title": "nics.mac_address" }, "not.nics.mac_address": { "type": "string", "title": "not.nics.mac_address" }, "nics.mac_address.keyword": { "type": "string", "title": "nics.mac_address.keyword" }, "not.nics.mac_address.keyword": { "type": "string", "title": "not.nics.mac_address.keyword" }, "nics.description": { "type": "string", "title": "nics.description" }, "not.nics.description": { "type": "string", "title": "not.nics.description" }, "nics.description.keyword": { "type": "string", "title": "nics.description.keyword" }, "not.nics.description.keyword": { "type": "string", "title": "not.nics.description.keyword" }, "os_info.os_type": { "type": "string", "title": "os_info.os_type" }, "not.os_info.os_type": { "type": "string", "title": "not.os_info.os_type" }, "os_info.os_type.keyword": { "type": "string", "title": "os_info.os_type.keyword" }, "not.os_info.os_type.keyword": { "type": "string", "title": "not.os_info.os_type.keyword" }, "os_info.os_version": { "type": "string", "title": "os_info.os_version" }, "not.os_info.os_version": { "type": "string", "title": "not.os_info.os_version" }, "os_info.os_version.keyword": { "type": "string", "title": "os_info.os_version.keyword" }, "not.os_info.os_version.keyword": { "type": "string", "title": "not.os_info.os_version.keyword" }, "os_info.os_platform": { "type": "string", "title": "os_info.os_platform" }, "not.os_info.os_platform": { "type": "string", "title": "not.os_info.os_platform" }, "os_info.os_platform.keyword": { "type": "string", "title": "os_info.os_platform.keyword" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "not.os_info.os_platform.keyword" }, "os_info.os_architecture": { "type": "string", "title": "os_info.os_architecture" }, 
"not.os_info.os_architecture": { "type": "string", "title": "not.os_info.os_architecture" }, "os_info.os_architecture.keyword": { "type": "string", "title": "os_info.os_architecture.keyword" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "not.os_info.os_architecture.keyword" }, "os_info.os_release_name": { "type": "string", "title": "os_info.os_release_name" }, "not.os_info.os_release_name": { "type": "string", "title": "not.os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "os_info.os_release_name.keyword" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "not.os_info.os_release_name.keyword" }, "host_name": { "type": "string", "title": "host_name" }, "not.host_name": { "type": "string", "title": "not.host_name" }, "host_name.keyword": { "type": "string", "title": "host_name.keyword" }, "not.host_name.keyword": { "type": "string", "title": "not.host_name.keyword" }, "fully_qualified_host_name": { "type": "string", "title": "fully_qualified_host_name" }, "not.fully_qualified_host_name": { "type": "string", "title": "not.fully_qualified_host_name" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "fully_qualified_host_name.keyword" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "not.fully_qualified_host_name.keyword" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "plugins.asset_manager.plugin_version" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "not.plugins.asset_manager.plugin_version" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "plugins.asset_manager.plugin_version.keyword" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "not.plugins.asset_manager.plugin_version.keyword" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "plugins.asset_manager.reboot_reasons" }, 
"not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "plugins.asset_manager.reboot_reasons.keyword" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons.keyword" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "plugins.endpoint_protection.plugin_version" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.plugin_version.keyword" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version.keyword" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "plugins.endpoint_protection.sdk_version" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.sdk_version.keyword" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version.keyword" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "plugins.endpoint_protection.component_package_version" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.component_package_version.keyword" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": 
"not.plugins.endpoint_protection.component_package_version.keyword" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "plugins.endpoint_protection.update_package_version" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.update_package_version.keyword" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version.keyword" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons.keyword" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons.keyword" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version.keyword" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version.keyword" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons" }, 
"not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "plugins.incident_response.plugin_version" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "not.plugins.incident_response.plugin_version" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "plugins.incident_response.plugin_version.keyword" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.incident_response.plugin_version.keyword" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "plugins.incident_response.reboot_reasons" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.incident_response.reboot_reasons.keyword" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons.keyword" }, "plugins.siem.plugin_version": { "type": "string", "title": "plugins.siem.plugin_version" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "not.plugins.siem.plugin_version" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "plugins.siem.plugin_version.keyword" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "not.plugins.siem.plugin_version.keyword" }, 
"plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version.keyword" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version.keyword" }, "plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons" }, "not.plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons" }, "plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons.keyword" }, "not.plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons.keyword" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "plugins.siem.reboot_reasons" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "not.plugins.siem.reboot_reasons" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "plugins.siem.reboot_reasons.keyword" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.siem.reboot_reasons.keyword" }, "engine_version": { "type": "string", "title": "engine_version" }, "not.engine_version": { "type": "string", "title": "not.engine_version" }, "engine_version.keyword": { "type": "string", "title": "engine_version.keyword" }, "not.engine_version.keyword": { "type": "string", "title": "not.engine_version.keyword" }, "domain_name": { "type": "string", "title": 
"domain_name" }, "not.domain_name": { "type": "string", "title": "not.domain_name" }, "domain_name.keyword": { "type": "string", "title": "domain_name.keyword" }, "not.domain_name.keyword": { "type": "string", "title": "not.domain_name.keyword" }, "policy_etag": { "type": "string", "title": "policy_etag" }, "not.policy_etag": { "type": "string", "title": "not.policy_etag" }, "policy_etag.keyword": { "type": "string", "title": "policy_etag.keyword" }, "not.policy_etag.keyword": { "type": "string", "title": "not.policy_etag.keyword" }, "last_user": { "type": "string", "title": "last_user" }, "not.last_user": { "type": "string", "title": "not.last_user" }, "last_user.keyword": { "type": "string", "title": "last_user.keyword" }, "not.last_user.keyword": { "type": "string", "title": "not.last_user.keyword" }, "serial_number": { "type": "string", "title": "serial_number" }, "not.serial_number": { "type": "string", "title": "not.serial_number" }, "serial_number.keyword": { "type": "string", "title": "serial_number.keyword" }, "not.serial_number.keyword": { "type": "string", "title": "not.serial_number.keyword" } } } ], "properties": { "id": { "type": "string", "title": "Filter the search by DNS event id. Search for an exact match" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that don't contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. 
Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that don't contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that don't contain the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for an exact match" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the matches that contain the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the matches that are not equal to the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the matches that don't contain the value" }, "rule_name": { "type": "string", "title": "Filter the search by rule_name. Search for an exact match" }, "rule_name.keyword": { "type": "string", "title": "Filter the search by rule_name.keyword. Search for the matches that contain the value" }, "not.rule_name": { "type": "string", "title": "Filter the search by not.rule_name. 
Search for the matches that are not equal to the value" }, "not.rule_name.keyword": { "type": "string", "title": "Filter the search by not.rule_name.keyword. Search for the matches that don't contain the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for an exact match" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the matches that contain the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the matches that are not equal to the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the matches that don't contain the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for an exact match" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the matches that contain the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the matches that are not equal to the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the matches that don't contain the value" }, "account_id": { "type": "string", "title": "Filter the search by account_id. Search for an exact match" }, "account_id.keyword": { "type": "string", "title": "Filter the search by account_id.keyword. Search for the matches that contain the value" }, "not.account_id": { "type": "string", "title": "Filter the search by not.account_id. Search for the matches that are not equal to the value" }, "not.account_id.keyword": { "type": "string", "title": "Filter the search by not.account_id.keyword. Search for the matches that don't contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. 
Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that don't contain the value" }, "action": { "type": "string", "title": "Filter the search by action. Search for an exact match" }, "action.keyword": { "type": "string", "title": "Filter the search by action.keyword. Search for the matches that contain the value" }, "not.action": { "type": "string", "title": "Filter the search by not.action. Search for the matches that are not equal to the value" }, "not.action.keyword": { "type": "string", "title": "Filter the search by not.action.keyword. Search for the matches that don't contain the value" }, "log.policy_id": { "type": "string", "title": "Filter the search by log.policy_id. Search for an exact match" }, "log.policy_id.keyword": { "type": "string", "title": "Filter the search by log.policy_id.keyword. Search for the matches that contain the value" }, "not.log.policy_id": { "type": "string", "title": "Filter the search by not.log.policy_id. Search for the matches that are not equal to the value" }, "not.log.policy_id.keyword": { "type": "string", "title": "Filter the search by not.log.policy_id.keyword. Search for the matches that don't contain the value" }, "log.policy": { "type": "string", "title": "Filter the search by log.policy. Search for an exact match" }, "log.policy.keyword": { "type": "string", "title": "Filter the search by log.policy.keyword. Search for the matches that contain the value" }, "not.log.policy": { "type": "string", "title": "Filter the search by not.log.policy. 
Search for the matches that are not equal to the value" }, "not.log.policy.keyword": { "type": "string", "title": "Filter the search by not.log.policy.keyword. Search for the matches that don't contain the value" }, "log.protocol": { "type": "string", "title": "Filter the search by log.protocol. Search for an exact match" }, "log.protocol.keyword": { "type": "string", "title": "Filter the search by log.protocol.keyword. Search for the matches that contain the value" }, "not.log.protocol": { "type": "string", "title": "Filter the search by not.log.protocol. Search for the matches that are not equal to the value" }, "not.log.protocol.keyword": { "type": "string", "title": "Filter the search by not.log.protocol.keyword. Search for the matches that don't contain the value" }, "log.query_name": { "type": "string", "title": "Filter the search by log.query_name. Search for an exact match" }, "log.query_name.keyword": { "type": "string", "title": "Filter the search by log.query_name.keyword. Search for the matches that contain the value" }, "not.log.query_name": { "type": "string", "title": "Filter the search by not.log.query_name. Search for the matches that are not equal to the value" }, "not.log.query_name.keyword": { "type": "string", "title": "Filter the search by not.log.query_name.keyword. Search for the matches that don't contain the value" }, "log.query_name_reversed": { "type": "string", "title": "Filter the search by log.query_name_reversed. Search for an exact match" }, "log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by log.query_name_reversed.keyword. Search for the matches that contain the value" }, "not.log.query_name_reversed": { "type": "string", "title": "Filter the search by not.log.query_name_reversed. Search for the matches that are not equal to the value" }, "not.log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by not.log.query_name_reversed.keyword. 
Search for the matches that don't contain the value" }, "log.resolver_decision": { "type": "string", "title": "Filter the search by log.resolver_decision. Search for an exact match" }, "log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by log.resolver_decision.keyword. Search for the matches that contain the value" }, "not.log.resolver_decision": { "type": "string", "title": "Filter the search by not.log.resolver_decision. Search for the matches that are not equal to the value" }, "not.log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by not.log.resolver_decision.keyword. Search for the matches that don't contain the value" }, "log.user_id": { "type": "string", "title": "Filter the search by log.user_id. Search for an exact match" }, "log.user_id.keyword": { "type": "string", "title": "Filter the search by log.user_id.keyword. Search for the matches that contain the value" }, "not.log.user_id": { "type": "string", "title": "Filter the search by not.log.user_id. Search for the matches that are not equal to the value" }, "not.log.user_id.keyword": { "type": "string", "title": "Filter the search by not.log.user_id.keyword. Search for the matches that don't contain the value" }, "log.colo_id": { "type": "number", "title": "Filter the search by log.colo_id. Search for an exact match of the integer value" }, "log.colo_id_lt": { "type": "number", "title": "Filter the search by log.colo_id_lt. Search for the documents that are less than the value" }, "log.colo_id_lte": { "type": "number", "title": "Filter the search by log.colo_id_lte. Search for the documents that are less than or equal to the value" }, "log.colo_id_gt": { "type": "number", "title": "Filter the search by log.colo_id_gt. Search for the documents that are greater than the value" }, "log.colo_id_gte": { "type": "number", "title": "Filter the search by log.colo_id_gte. 
Search for the documents that are greater than or equal to the value" }, "log.dst_port": { "type": "number", "title": "Filter the search by log.dst_port. Search for an exact match of the integer value" }, "log.dst_port_lt": { "type": "number", "title": "Filter the search by log.dst_port_lt. Search for the documents that are less than the value" }, "log.dst_port_lte": { "type": "number", "title": "Filter the search by log.dst_port_lte. Search for the documents that are less than or equal to the value" }, "log.dst_port_gt": { "type": "number", "title": "Filter the search by log.dst_port_gt. Search for the documents that are greater than the value" }, "log.dst_port_gte": { "type": "number", "title": "Filter the search by log.dst_port_gte. Search for the documents that are greater than or equal to the value" }, "log.query_category_ids": { "type": "array", "items": { "type": "number" }, "title": "Filter the search by log.query_category_ids. Search for an exact match of the integer value" }, "log.query_size": { "type": "number", "title": "Filter the search by log.query_size. Search for an exact match of the integer value" }, "log.query_size_lt": { "type": "number", "title": "Filter the search by log.query_size_lt. Search for the documents that are less than the value" }, "log.query_size_lte": { "type": "number", "title": "Filter the search by log.query_size_lte. Search for the documents that are less than or equal to the value" }, "log.query_size_gt": { "type": "number", "title": "Filter the search by log.query_size_gt. Search for the documents that are greater than the value" }, "log.query_size_gte": { "type": "number", "title": "Filter the search by log.query_size_gte. Search for the documents that are greater than or equal to the value" }, "log.query_type": { "type": "number", "title": "Filter the search by log.query_type. Search for an exact match of the integer value" }, "log.query_type_lt": { "type": "number", "title": "Filter the search by log.query_type_lt. 
Search for the documents that are less than the value" }, "log.query_type_lte": { "type": "number", "title": "Filter the search by log.query_type_lte. Search for the documents that are less than or equal to the value" }, "log.query_type_gt": { "type": "number", "title": "Filter the search by log.query_type_gt. Search for the documents that are greater than the value" }, "log.query_type_gte": { "type": "number", "title": "Filter the search by log.query_type_gte. Search for the documents that are greater than or equal to the value" }, "log.src_port": { "type": "number", "title": "Filter the search by log.src_port. Search for an exact match of the integer value" }, "log.src_port_lt": { "type": "number", "title": "Filter the search by log.src_port_lt. Search for the documents that are less than the value" }, "log.src_port_lte": { "type": "number", "title": "Filter the search by log.src_port_lte. Search for the documents that are less than or equal to the value" }, "log.src_port_gt": { "type": "number", "title": "Filter the search by log.src_port_gt. Search for the documents that are greater than the value" }, "log.src_port_gte": { "type": "number", "title": "Filter the search by log.src_port_gte. Search for the documents that are greater than or equal to the value" }, "log.datetime_before": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_before. Search for the documents that are before the given timestamp" }, "log.datetime_after": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_after. Search for the documents that are after the given timestamp" }, "timestamp_before": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_before. Search for the documents that are before the given timestamp" }, "timestamp_after": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_after. Search for the documents that are after the given timestamp" }, "log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.dst_ip. 
Search for an exact match" }, "not.log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.dst_ip. Search for the matches that are not equal to the value" }, "log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.src_ip. Search for an exact match" }, "not.log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.src_ip. Search for the matches that are not equal to the value" }, "resolved_ips": { "type": "string", "title": "Filter the search by resolved_ips. Search for an exact match" }, "not.resolved_ips": { "type": "string", "title": "Filter the search by not.resolved_ips. Search for the matches that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", 
"agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] }, "populate": { "type": "object", "title": "Populate object schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", 
"agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search DNS Logs result", "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "string" }, "@timestamp": { "type": "string" }, "machine_id": { "type": "string" }, "group_id": { "type": "string" }, "group_name": { "type": "string" }, "account_id": { "type": "string" }, "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "parent_account_id": { "type": "string" }, "action": { "type": "string" }, "log": { "properties": { "colo_id": { "type": "number" }, "datetime": { "type": "string" }, "device_id": { "type": "string" }, "dst_ip": { "type": "string" }, "dst_port": { "type": "integer" }, "email": { "type": "string" }, "location": { "type": "string" }, "policy": { "type": "string" }, "policy_id": { "type": "string" }, "protocol": { "type": "string" }, "query_category_ids": { "type": "array" }, "query_name": { "type": "string" }, "query_name_reversed": { "type": "string" }, "query_size": { "type": "number" }, "query_type": { "type": "integer" }, "resolver_decision": { "type": "string" }, "src_ip": { "type": "string" }, "src_port": { "type": "integer" }, "user_id": { "type": "string" } } }, "rule_id": { "type": "string", "description": "Content filtering rule id" }, "rule_name": { "type": "string", "description": "Content filtering rule name" } } } }, "aggregations": { "type": "object", "title": 
"Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found DNS log records" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "DNS Logs" ], "operationId": "api.nebula.search.dns" } }, "/nebula/v1/dns/search-groupby": { "post": { "description": "Search DNS Logs grouped by a specific field.", "summary": "Search DNS Logs groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post DNS Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "allOf": [ { "type": "object", "title": "Search DNS Logs request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "allOf": [ { "type": "object", "title": "Agent constraints", "description": "The Agents constraints.", "properties": { "nics.mac_address": { "type": "string", "title": "nics.mac_address" }, "not.nics.mac_address": { "type": "string", "title": "not.nics.mac_address" }, "nics.mac_address.keyword": { "type": "string", "title": "nics.mac_address.keyword" }, "not.nics.mac_address.keyword": { "type": "string", "title": "not.nics.mac_address.keyword" }, "nics.description": { "type": "string", "title": "nics.description" }, "not.nics.description": { "type": "string", "title": "not.nics.description" }, "nics.description.keyword": { "type": "string", "title": "nics.description.keyword" }, "not.nics.description.keyword": { "type": "string", "title": "not.nics.description.keyword" }, "os_info.os_type": { "type": "string", "title": "os_info.os_type" }, "not.os_info.os_type": { "type": "string", "title": "not.os_info.os_type" }, "os_info.os_type.keyword": { "type": "string", "title": "os_info.os_type.keyword" }, "not.os_info.os_type.keyword": { "type": "string", "title": "not.os_info.os_type.keyword" }, "os_info.os_version": { "type": "string", "title": "os_info.os_version" }, "not.os_info.os_version": { "type": "string", "title": "not.os_info.os_version" }, "os_info.os_version.keyword": { "type": "string", "title": "os_info.os_version.keyword" }, "not.os_info.os_version.keyword": { "type": "string", "title": "not.os_info.os_version.keyword" }, "os_info.os_platform": { "type": "string", "title": "os_info.os_platform" }, "not.os_info.os_platform": { "type": "string", "title": "not.os_info.os_platform" }, "os_info.os_platform.keyword": { "type": "string", "title": "os_info.os_platform.keyword" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "not.os_info.os_platform.keyword" }, "os_info.os_architecture": { "type": "string", "title": "os_info.os_architecture" }, 
"not.os_info.os_architecture": { "type": "string", "title": "not.os_info.os_architecture" }, "os_info.os_architecture.keyword": { "type": "string", "title": "os_info.os_architecture.keyword" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "not.os_info.os_architecture.keyword" }, "os_info.os_release_name": { "type": "string", "title": "os_info.os_release_name" }, "not.os_info.os_release_name": { "type": "string", "title": "not.os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "os_info.os_release_name.keyword" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "not.os_info.os_release_name.keyword" }, "host_name": { "type": "string", "title": "host_name" }, "not.host_name": { "type": "string", "title": "not.host_name" }, "host_name.keyword": { "type": "string", "title": "host_name.keyword" }, "not.host_name.keyword": { "type": "string", "title": "not.host_name.keyword" }, "fully_qualified_host_name": { "type": "string", "title": "fully_qualified_host_name" }, "not.fully_qualified_host_name": { "type": "string", "title": "not.fully_qualified_host_name" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "fully_qualified_host_name.keyword" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "not.fully_qualified_host_name.keyword" }, "plugins.asset_manager.plugin_version": { "type": "string", "title": "plugins.asset_manager.plugin_version" }, "not.plugins.asset_manager.plugin_version": { "type": "string", "title": "not.plugins.asset_manager.plugin_version" }, "plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "plugins.asset_manager.plugin_version.keyword" }, "not.plugins.asset_manager.plugin_version.keyword": { "type": "string", "title": "not.plugins.asset_manager.plugin_version.keyword" }, "plugins.asset_manager.reboot_reasons": { "type": "string", "title": "plugins.asset_manager.reboot_reasons" }, 
"not.plugins.asset_manager.reboot_reasons": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons" }, "plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "plugins.asset_manager.reboot_reasons.keyword" }, "not.plugins.asset_manager.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.asset_manager.reboot_reasons.keyword" }, "plugins.endpoint_protection.plugin_version": { "type": "string", "title": "plugins.endpoint_protection.plugin_version" }, "not.plugins.endpoint_protection.plugin_version": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version" }, "plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.plugin_version.keyword" }, "not.plugins.endpoint_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.plugin_version.keyword" }, "plugins.endpoint_protection.sdk_version": { "type": "string", "title": "plugins.endpoint_protection.sdk_version" }, "not.plugins.endpoint_protection.sdk_version": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version" }, "plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.sdk_version.keyword" }, "not.plugins.endpoint_protection.sdk_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.sdk_version.keyword" }, "plugins.endpoint_protection.component_package_version": { "type": "string", "title": "plugins.endpoint_protection.component_package_version" }, "not.plugins.endpoint_protection.component_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.component_package_version" }, "plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.component_package_version.keyword" }, "not.plugins.endpoint_protection.component_package_version.keyword": { "type": "string", "title": 
"not.plugins.endpoint_protection.component_package_version.keyword" }, "plugins.endpoint_protection.update_package_version": { "type": "string", "title": "plugins.endpoint_protection.update_package_version" }, "not.plugins.endpoint_protection.update_package_version": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version" }, "plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "plugins.endpoint_protection.update_package_version.keyword" }, "not.plugins.endpoint_protection.update_package_version.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.update_package_version.keyword" }, "plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons" }, "not.plugins.endpoint_protection.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons" }, "plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_protection.reboot_reasons.keyword" }, "not.plugins.endpoint_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_protection.reboot_reasons.keyword" }, "plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version" }, "not.plugins.endpoint_detection_and_response.plugin_version": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version" }, "plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.plugin_version.keyword" }, "not.plugins.endpoint_detection_and_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.plugin_version.keyword" }, "plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons" }, 
"not.plugins.endpoint_detection_and_response.reboot_reasons": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons" }, "plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword" }, "plugins.incident_response.plugin_version": { "type": "string", "title": "plugins.incident_response.plugin_version" }, "not.plugins.incident_response.plugin_version": { "type": "string", "title": "not.plugins.incident_response.plugin_version" }, "plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "plugins.incident_response.plugin_version.keyword" }, "not.plugins.incident_response.plugin_version.keyword": { "type": "string", "title": "not.plugins.incident_response.plugin_version.keyword" }, "plugins.incident_response.reboot_reasons": { "type": "string", "title": "plugins.incident_response.reboot_reasons" }, "not.plugins.incident_response.reboot_reasons": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons" }, "plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "plugins.incident_response.reboot_reasons.keyword" }, "not.plugins.incident_response.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.incident_response.reboot_reasons.keyword" }, "plugins.siem.plugin_version": { "type": "string", "title": "plugins.siem.plugin_version" }, "not.plugins.siem.plugin_version": { "type": "string", "title": "not.plugins.siem.plugin_version" }, "plugins.siem.plugin_version.keyword": { "type": "string", "title": "plugins.siem.plugin_version.keyword" }, "not.plugins.siem.plugin_version.keyword": { "type": "string", "title": "not.plugins.siem.plugin_version.keyword" }, 
"plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version" }, "not.plugins.browser_phishing_protection.plugin_version": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version" }, "plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.plugin_version.keyword" }, "not.plugins.browser_phishing_protection.plugin_version.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.plugin_version.keyword" }, "plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons" }, "not.plugins.browser_phishing_protection.reboot_reasons": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons" }, "plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "plugins.browser_phishing_protection.reboot_reasons.keyword" }, "not.plugins.browser_phishing_protection.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.browser_phishing_protection.reboot_reasons.keyword" }, "plugins.siem.reboot_reasons": { "type": "string", "title": "plugins.siem.reboot_reasons" }, "not.plugins.siem.reboot_reasons": { "type": "string", "title": "not.plugins.siem.reboot_reasons" }, "plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "plugins.siem.reboot_reasons.keyword" }, "not.plugins.siem.reboot_reasons.keyword": { "type": "string", "title": "not.plugins.siem.reboot_reasons.keyword" }, "engine_version": { "type": "string", "title": "engine_version" }, "not.engine_version": { "type": "string", "title": "not.engine_version" }, "engine_version.keyword": { "type": "string", "title": "engine_version.keyword" }, "not.engine_version.keyword": { "type": "string", "title": "not.engine_version.keyword" }, "domain_name": { "type": "string", "title": 
"domain_name" }, "not.domain_name": { "type": "string", "title": "not.domain_name" }, "domain_name.keyword": { "type": "string", "title": "domain_name.keyword" }, "not.domain_name.keyword": { "type": "string", "title": "not.domain_name.keyword" }, "policy_etag": { "type": "string", "title": "policy_etag" }, "not.policy_etag": { "type": "string", "title": "not.policy_etag" }, "policy_etag.keyword": { "type": "string", "title": "policy_etag.keyword" }, "not.policy_etag.keyword": { "type": "string", "title": "not.policy_etag.keyword" }, "last_user": { "type": "string", "title": "last_user" }, "not.last_user": { "type": "string", "title": "not.last_user" }, "last_user.keyword": { "type": "string", "title": "last_user.keyword" }, "not.last_user.keyword": { "type": "string", "title": "not.last_user.keyword" }, "serial_number": { "type": "string", "title": "serial_number" }, "not.serial_number": { "type": "string", "title": "not.serial_number" }, "serial_number.keyword": { "type": "string", "title": "serial_number.keyword" }, "not.serial_number.keyword": { "type": "string", "title": "not.serial_number.keyword" } } } ], "properties": { "id": { "type": "string", "title": "Filter the search by DNS event id. Search for an exact match" }, "not.id": { "type": "string", "title": "Filter the search by not.id. Search for the matches that are not equal to the value" }, "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. 
Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "rule_id": { "type": "string", "title": "Filter the search by rule_id. Search for an exact match" }, "rule_id.keyword": { "type": "string", "title": "Filter the search by rule_id.keyword. Search for the matches that contain the value" }, "not.rule_id": { "type": "string", "title": "Filter the search by not.rule_id. Search for the matches that are not equal to the value" }, "not.rule_id.keyword": { "type": "string", "title": "Filter the search by not.rule_id.keyword. Search for the matches that do not contain the value" }, "rule_name": { "type": "string", "title": "Filter the search by rule_name. Search for an exact match" }, "rule_name.keyword": { "type": "string", "title": "Filter the search by rule_name.keyword. Search for the matches that contain the value" }, "not.rule_name": { "type": "string", "title": "Filter the search by not.rule_name. 
Search for the matches that are not equal to the value" }, "not.rule_name.keyword": { "type": "string", "title": "Filter the search by not.rule_name.keyword. Search for the matches that do not contain the value" }, "policy_id": { "type": "string", "title": "Filter the search by policy_id. Search for an exact match" }, "policy_id.keyword": { "type": "string", "title": "Filter the search by policy_id.keyword. Search for the matches that contain the value" }, "not.policy_id": { "type": "string", "title": "Filter the search by not.policy_id. Search for the matches that are not equal to the value" }, "not.policy_id.keyword": { "type": "string", "title": "Filter the search by not.policy_id.keyword. Search for the matches that do not contain the value" }, "policy_name": { "type": "string", "title": "Filter the search by policy_name. Search for an exact match" }, "policy_name.keyword": { "type": "string", "title": "Filter the search by policy_name.keyword. Search for the matches that contain the value" }, "not.policy_name": { "type": "string", "title": "Filter the search by not.policy_name. Search for the matches that are not equal to the value" }, "not.policy_name.keyword": { "type": "string", "title": "Filter the search by not.policy_name.keyword. Search for the matches that do not contain the value" }, "account_id": { "type": "string", "title": "Filter the search by account_id. Search for an exact match" }, "account_id.keyword": { "type": "string", "title": "Filter the search by account_id.keyword. Search for the matches that contain the value" }, "not.account_id": { "type": "string", "title": "Filter the search by not.account_id. Search for the matches that are not equal to the value" }, "not.account_id.keyword": { "type": "string", "title": "Filter the search by not.account_id.keyword. Search for the matches that do not contain the value" }, "parent_account_id": { "type": "string", "title": "Filter the search by parent_account_id. 
Search for an exact match" }, "parent_account_id.keyword": { "type": "string", "title": "Filter the search by parent_account_id.keyword. Search for the matches that contain the value" }, "not.parent_account_id": { "type": "string", "title": "Filter the search by not.parent_account_id. Search for the matches that are not equal to the value" }, "not.parent_account_id.keyword": { "type": "string", "title": "Filter the search by not.parent_account_id.keyword. Search for the matches that do not contain the value" }, "action": { "type": "string", "title": "Filter the search by action. Search for an exact match" }, "action.keyword": { "type": "string", "title": "Filter the search by action.keyword. Search for the matches that contain the value" }, "not.action": { "type": "string", "title": "Filter the search by not.action. Search for the matches that are not equal to the value" }, "not.action.keyword": { "type": "string", "title": "Filter the search by not.action.keyword. Search for the matches that do not contain the value" }, "log.policy_id": { "type": "string", "title": "Filter the search by log.policy_id. Search for an exact match" }, "log.policy_id.keyword": { "type": "string", "title": "Filter the search by log.policy_id.keyword. Search for the matches that contain the value" }, "not.log.policy_id": { "type": "string", "title": "Filter the search by not.log.policy_id. Search for the matches that are not equal to the value" }, "not.log.policy_id.keyword": { "type": "string", "title": "Filter the search by not.log.policy_id.keyword. Search for the matches that do not contain the value" }, "log.policy": { "type": "string", "title": "Filter the search by log.policy. Search for an exact match" }, "log.policy.keyword": { "type": "string", "title": "Filter the search by log.policy.keyword. Search for the matches that contain the value" }, "not.log.policy": { "type": "string", "title": "Filter the search by not.log.policy. 
Search for the matches that are not equal to the value" }, "not.log.policy.keyword": { "type": "string", "title": "Filter the search by not.log.policy.keyword. Search for the matches that do not contain the value" }, "log.protocol": { "type": "string", "title": "Filter the search by log.protocol. Search for an exact match" }, "log.protocol.keyword": { "type": "string", "title": "Filter the search by log.protocol.keyword. Search for the matches that contain the value" }, "not.log.protocol": { "type": "string", "title": "Filter the search by not.log.protocol. Search for the matches that are not equal to the value" }, "not.log.protocol.keyword": { "type": "string", "title": "Filter the search by not.log.protocol.keyword. Search for the matches that do not contain the value" }, "log.query_name": { "type": "string", "title": "Filter the search by log.query_name. Search for an exact match" }, "log.query_name.keyword": { "type": "string", "title": "Filter the search by log.query_name.keyword. Search for the matches that contain the value" }, "not.log.query_name": { "type": "string", "title": "Filter the search by not.log.query_name. Search for the matches that are not equal to the value" }, "not.log.query_name.keyword": { "type": "string", "title": "Filter the search by not.log.query_name.keyword. Search for the matches that do not contain the value" }, "log.query_name_reversed": { "type": "string", "title": "Filter the search by log.query_name_reversed. Search for an exact match" }, "log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by log.query_name_reversed.keyword. Search for the matches that contain the value" }, "not.log.query_name_reversed": { "type": "string", "title": "Filter the search by not.log.query_name_reversed. Search for the matches that are not equal to the value" }, "not.log.query_name_reversed.keyword": { "type": "string", "title": "Filter the search by not.log.query_name_reversed.keyword. 
Search for the matches that do not contain the value" }, "log.resolver_decision": { "type": "string", "title": "Filter the search by log.resolver_decision. Search for an exact match" }, "log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by log.resolver_decision.keyword. Search for the matches that contain the value" }, "not.log.resolver_decision": { "type": "string", "title": "Filter the search by not.log.resolver_decision. Search for the matches that are not equal to the value" }, "not.log.resolver_decision.keyword": { "type": "string", "title": "Filter the search by not.log.resolver_decision.keyword. Search for the matches that do not contain the value" }, "log.user_id": { "type": "string", "title": "Filter the search by log.user_id. Search for an exact match" }, "log.user_id.keyword": { "type": "string", "title": "Filter the search by log.user_id.keyword. Search for the matches that contain the value" }, "not.log.user_id": { "type": "string", "title": "Filter the search by not.log.user_id. Search for the matches that are not equal to the value" }, "not.log.user_id.keyword": { "type": "string", "title": "Filter the search by not.log.user_id.keyword. Search for the matches that do not contain the value" }, "log.colo_id": { "type": "number", "title": "Filter the search by log.colo_id. Search for an exact match of the integer value" }, "log.colo_id_lt": { "type": "number", "title": "Filter the search by log.colo_id_lt. Search for the documents that are less than the value" }, "log.colo_id_lte": { "type": "number", "title": "Filter the search by log.colo_id_lte. Search for the documents that are less than or equal to the value" }, "log.colo_id_gt": { "type": "number", "title": "Filter the search by log.colo_id_gt. Search for the documents that are greater than the value" }, "log.colo_id_gte": { "type": "number", "title": "Filter the search by log.colo_id_gte. 
Search for the documents that are greater than or equal to the value" }, "log.dst_port": { "type": "number", "title": "Filter the search by log.dst_port. Search for an exact match of the integer value" }, "log.dst_port_lt": { "type": "number", "title": "Filter the search by log.dst_port_lt. Search for the documents that are less than the value" }, "log.dst_port_lte": { "type": "number", "title": "Filter the search by log.dst_port_lte. Search for the documents that are less than or equal to the value" }, "log.dst_port_gt": { "type": "number", "title": "Filter the search by log.dst_port_gt. Search for the documents that are greater than the value" }, "log.dst_port_gte": { "type": "number", "title": "Filter the search by log.dst_port_gte. Search for the documents that are greater than or equal to the value" }, "log.query_category_ids": { "type": "array", "items": { "type": "number" }, "title": "Filter the search by log.query_category_ids. Search for an exact match of the integer value" }, "log.query_size": { "type": "number", "title": "Filter the search by log.query_size. Search for an exact match of the integer value" }, "log.query_size_lt": { "type": "number", "title": "Filter the search by log.query_size_lt. Search for the documents that are less than the value" }, "log.query_size_lte": { "type": "number", "title": "Filter the search by log.query_size_lte. Search for the documents that are less than or equal to the value" }, "log.query_size_gt": { "type": "number", "title": "Filter the search by log.query_size_gt. Search for the documents that are greater than the value" }, "log.query_size_gte": { "type": "number", "title": "Filter the search by log.query_size_gte. Search for the documents that are greater than or equal to the value" }, "log.query_type": { "type": "number", "title": "Filter the search by log.query_type. Search for an exact match of the integer value" }, "log.query_type_lt": { "type": "number", "title": "Filter the search by log.query_type_lt. 
Search for the documents that are less than the value" }, "log.query_type_lte": { "type": "number", "title": "Filter the search by log.query_type_lte. Search for the documents that are less than or equal to the value" }, "log.query_type_gt": { "type": "number", "title": "Filter the search by log.query_type_gt. Search for the documents that are greater than the value" }, "log.query_type_gte": { "type": "number", "title": "Filter the search by log.query_type_gte. Search for the documents that are greater than or equal to the value" }, "log.src_port": { "type": "number", "title": "Filter the search by log.src_port. Search for an exact match of the integer value" }, "log.src_port_lt": { "type": "number", "title": "Filter the search by log.src_port_lt. Search for the documents that are less than the value" }, "log.src_port_lte": { "type": "number", "title": "Filter the search by log.src_port_lte. Search for the documents that are less than or equal to the value" }, "log.src_port_gt": { "type": "number", "title": "Filter the search by log.src_port_gt. Search for the documents that are greater than the value" }, "log.src_port_gte": { "type": "number", "title": "Filter the search by log.src_port_gte. Search for the documents that are greater than or equal to the value" }, "log.datetime_before": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_before. Search for the documents that are after the given timestamp" }, "log.datetime_after": { "type": "string", "format": "date-time", "title": "Filter the search by log.datetime_after. " }, "timestamp_before": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_before. Search for the documents that are after the given timestamp" }, "timestamp_after": { "type": "string", "format": "date-time", "title": "Filter the search by timestamp_after. " }, "log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.dst_ip. 
Search for an exact match" }, "not.log.dst_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.dst_ip. Search for the matches that are not equal to the value" }, "log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by log.src_ip. Search for an exact match" }, "not.log.src_ip": { "type": "string", "format": "ipv4", "title": "Filter the search by not.log.src_ip. Search for the matches that are not equal to the value" }, "resolved_ips": { "type": "string", "title": "Filter the search by resolved_ips. Search for an exact match" }, "not.resolved_ips": { "type": "string", "title": "Filter the search by not.resolved_ips. Search for the matches that are not equal to the value" }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", 
"agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] }, "populate": { "type": "object", "title": "Populate object schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", 
"agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ], "properties": { "group_by": { "type": "string", "title": "The groupBy Schema", "enum": [ "rule_id", "rule_name", "machine_id", "group_id", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, 
"next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post DNS Logs Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "DNS Logs" ], "operationId": "api.nebula.search.dns.group" } }, "/nebula/v1/os-patches/export": { "post": { "description": "Export OS Patch data. You can export across multiple accounts. Specify your interested fields and the output format.\n\nSupported output formats: csv, xlsx, json.\n\n## Settings\n\n| Name | Description |\n|------|-------------|\n| groups | List of queries. The constraints accepted are the same accepted by the search os patches route. Refer to [Search OS Patches API](#operation/api.nebula.search.os-patches) for more information about the constraints accepted. |\n| download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` |\n| select | Which fields to select, and which field name to map to. 
See request schema for allowed values |\n| type | Output encoding (for `csv` and `json` format) |\n| filename | Name of the file to be set in `Content-Disposition` header if `download` = true |\n\n## Examples\n\n### Download HTML file\n\nA request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `KB Id`, `Category`, `Description` for all detections on `windows` endpoints:\n\n```json\n\t{\n\t\t\"groups\": [{\n\t\t\t\"os_info.os_platform\": \"Windows\"\n\t\t}],\n\t\t\"format\": \"html\",\n\t\t\"type\": \"string\",\n\t\t\"filename\": \"nameofthefile\",\n\t\t\"download\": true,\n\t\t\"select\": [\n {\"field\": \"patch_id\", \"newField\": \"KB Id\"},\n {\"field\": \"category\", \"newField\": \"Category\"},\n {\"field\": \"description\", \"newField\": \"Description\"}\n ]\n\t}\n```\n\n\n", "summary": "Export OS Patches", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "machine_id", "group_id", "root_group_id", "group_name", "object_guid", "host_name", "fully_qualified_host_name", "domain_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "group.name", "group.policy_id", "group.policy_name", "endpoint.last_day_seen", "endpoint.last_user", "alias" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch endpoints", "allOf": [ { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. 
Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. 
Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. 
Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "display_name": { "type": "string", "title": "Filter the search by display_name. Search for an exact match" }, "display_name.keyword": { "type": "string", "title": "Filter the search by display_name.keyword. Search for the matches that contain the value" }, "not.display_name": { "type": "string", "title": "Filter the search by not.display_name. Search for the matches that are not equal to the value" }, "not.display_name.keyword": { "type": "string", "title": "Filter the search by not.display_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. 
Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "title": { "type": "string", "title": "Filter the search by title. Search for an exact match" }, "title.keyword": { "type": "string", "title": "Filter the search by title.keyword. Search for the matches that contain the value" }, "not.title": { "type": "string", "title": "Filter the search by not.title. 
Search for the matches that are not equal to the value" }, "not.title.keyword": { "type": "string", "title": "Filter the search by not.title.keyword. Search for the matches that do not contain the value" }, "description": { "type": "string", "title": "Filter the search by description. Search for an exact match" }, "description.keyword": { "type": "string", "title": "Filter the search by description.keyword. Search for the matches that contain the value" }, "not.description": { "type": "string", "title": "Filter the search by not.description. Search for the matches that are not equal to the value" }, "not.description.keyword": { "type": "string", "title": "Filter the search by not.description.keyword. Search for the matches that do not contain the value" }, "category": { "type": "string", "title": "Filter the search by category. Search for an exact match" }, "category.keyword": { "type": "string", "title": "Filter the search by category.keyword. Search for the matches that contain the value" }, "not.category": { "type": "string", "title": "Filter the search by not.category. Search for the matches that are not equal to the value" }, "not.category.keyword": { "type": "string", "title": "Filter the search by not.category.keyword. Search for the matches that do not contain the value" }, "security_update_id": { "type": "string", "title": "Filter the search by security_update_id. Search for an exact match" }, "security_update_id.keyword": { "type": "string", "title": "Filter the search by security_update_id.keyword. Search for the matches that contain the value" }, "not.security_update_id": { "type": "string", "title": "Filter the search by not.security_update_id. Search for the matches that are not equal to the value" }, "not.security_update_id.keyword": { "type": "string", "title": "Filter the search by not.security_update_id.keyword. Search for the matches that do not contain the value" }, "patch_id": { "type": "string", "title": "Filter the search by patch_id. 
Search for an exact match" }, "patch_id.keyword": { "type": "string", "title": "Filter the search by patch_id.keyword. Search for the matches that contain the value" }, "not.patch_id": { "type": "string", "title": "Filter the search by not.patch_id. Search for the matches that are not equal to the value" }, "not.patch_id.keyword": { "type": "string", "title": "Filter the search by not.patch_id.keyword. Search for the matches that do not contain the value" }, "kb_id": { "type": "string", "title": "Filter the search by kb_id. Search for an exact match" }, "kb_id.keyword": { "type": "string", "title": "Filter the search by kb_id.keyword. Search for the matches that contain the value" }, "not.kb_id": { "type": "string", "title": "Filter the search by not.kb_id. Search for the matches that are not equal to the value" }, "not.kb_id.keyword": { "type": "string", "title": "Filter the search by not.kb_id.keyword. Search for the matches that do not contain the value" }, "reboot_required": { "type": "boolean", "title": "Filter the search by reboot_required" }, "preview_patch": { "type": "boolean", "title": "Filter the search by preview_patch" }, "not.preview_patch": { "type": "boolean", "title": "Filter the search by not.preview_patch" }, "size": { "type": "integer", "title": "Filter the search by exact size" }, "size_lt": { "type": "integer", "title": "Filter the search by size_lt. Search for the documents that are less than the value" }, "size_lte": { "type": "integer", "title": "Filter the search by size_lte. Search for the documents that are less than the value" }, "size_gt": { "type": "integer", "title": "Filter the search by size_gt. Search for the documents that are greater than the value" }, "size_gte": { "type": "integer", "title": "Filter the search by size_gte. Search for the documents that are greater than the value" }, "created_at_after": { "type": "string", "title": "Filter search with created_at_after ISO date string (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-02-01T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "Filter search with created_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_after": { "type": "string", "title": "Filter search with released_at_after ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_before": { "type": "string", "title": "Filter search with released_at_before ISO date string (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "domain_name" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "OS Patches" ], "operationId": "api.nebula.post.export.os-patches" } }, "/nebula/v1/os-patches/export/async": { "post": { "description": "Export OS Patches asynchronously.", "summary": "Export OS Patches asynchronously", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "machine_id", "group_id", "root_group_id", "group_name", "object_guid", "host_name", "fully_qualified_host_name", "domain_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "group.name", "group.policy_id", "group.policy_name", "endpoint.last_day_seen", "endpoint.last_user", "alias" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch endpoints", "allOf": [ { "type": "object", "title": "Search assets software request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. 
Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. 
Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "display_name": { "type": "string", "title": "Filter the search by display_name. Search for an exact match" }, "display_name.keyword": { "type": "string", "title": "Filter the search by display_name.keyword. Search for the matches that contain the value" }, "not.display_name": { "type": "string", "title": "Filter the search by not.display_name. Search for the matches that are not equal to the value" }, "not.display_name.keyword": { "type": "string", "title": "Filter the search by not.display_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. 
Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. 
Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "title": { "type": "string", "title": "Filter the search by title. Search for an exact match" }, "title.keyword": { "type": "string", "title": "Filter the search by title.keyword. Search for the matches that contain the value" }, "not.title": { "type": "string", "title": "Filter the search by not.title. Search for the matches that are not equal to the value" }, "not.title.keyword": { "type": "string", "title": "Filter the search by not.title.keyword. Search for the matches that do not contain the value" }, "description": { "type": "string", "title": "Filter the search by description. Search for an exact match" }, "description.keyword": { "type": "string", "title": "Filter the search by description.keyword. Search for the matches that contain the value" }, "not.description": { "type": "string", "title": "Filter the search by not.description. Search for the matches that are not equal to the value" }, "not.description.keyword": { "type": "string", "title": "Filter the search by not.description.keyword. Search for the matches that do not contain the value" }, "category": { "type": "string", "title": "Filter the search by category. Search for an exact match" }, "category.keyword": { "type": "string", "title": "Filter the search by category.keyword. Search for the matches that contain the value" }, "not.category": { "type": "string", "title": "Filter the search by not.category. Search for the matches that are not equal to the value" }, "not.category.keyword": { "type": "string", "title": "Filter the search by not.category.keyword. 
Search for the matches that do not contain the value" }, "security_update_id": { "type": "string", "title": "Filter the search by security_update_id. Search for an exact match" }, "security_update_id.keyword": { "type": "string", "title": "Filter the search by security_update_id.keyword. Search for the matches that contain the value" }, "not.security_update_id": { "type": "string", "title": "Filter the search by not.security_update_id. Search for the matches that are not equal to the value" }, "not.security_update_id.keyword": { "type": "string", "title": "Filter the search by not.security_update_id.keyword. Search for the matches that do not contain the value" }, "patch_id": { "type": "string", "title": "Filter the search by patch_id. Search for an exact match" }, "patch_id.keyword": { "type": "string", "title": "Filter the search by patch_id.keyword. Search for the matches that contain the value" }, "not.patch_id": { "type": "string", "title": "Filter the search by not.patch_id. Search for the matches that are not equal to the value" }, "not.patch_id.keyword": { "type": "string", "title": "Filter the search by not.patch_id.keyword. Search for the matches that do not contain the value" }, "kb_id": { "type": "string", "title": "Filter the search by kb_id. Search for an exact match" }, "kb_id.keyword": { "type": "string", "title": "Filter the search by kb_id.keyword. Search for the matches that contain the value" }, "not.kb_id": { "type": "string", "title": "Filter the search by not.kb_id. Search for the matches that are not equal to the value" }, "not.kb_id.keyword": { "type": "string", "title": "Filter the search by not.kb_id.keyword. 
Search for the matches that do not contain the value" }, "reboot_required": { "type": "boolean", "title": "Filter the search by reboot_required" }, "preview_patch": { "type": "boolean", "title": "Filter the search by preview_patch" }, "not.preview_patch": { "type": "boolean", "title": "Filter the search by not.preview_patch" }, "size": { "type": "integer", "title": "Filter the search by exact size" }, "size_lt": { "type": "integer", "title": "Filter the search by size_lt. Search for the documents that are less than the value" }, "size_lte": { "type": "integer", "title": "Filter the search by size_lte. Search for the documents that are less than or equal to the value" }, "size_gt": { "type": "integer", "title": "Filter the search by size_gt. Search for the documents that are greater than the value" }, "size_gte": { "type": "integer", "title": "Filter the search by size_gte. Search for the documents that are greater than or equal to the value" }, "created_at_after": { "type": "string", "title": "Filter search with created_at_after ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-02-01T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "Filter search with created_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_after": { "type": "string", "title": "Filter search with released_at_after ISO date string (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_before": { "type": "string", "title": "Filter search with released_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "domain_name" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "OS Patches" ], "operationId": "api.nebula.post.export.os-patches.async" } }, "/nebula/v1/os-patches": { "post": { "description": "Search OS Patches.", "summary": "Search OS Patches", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search assets software request. Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "machine_id": { "type": "string", "title": "Filter the search by machine_id. 
Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. 
Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. 
Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "display_name": { "type": "string", "title": "Filter the search by display_name. Search for an exact match" }, "display_name.keyword": { "type": "string", "title": "Filter the search by display_name.keyword. Search for the matches that contain the value" }, "not.display_name": { "type": "string", "title": "Filter the search by not.display_name. Search for the matches that are not equal to the value" }, "not.display_name.keyword": { "type": "string", "title": "Filter the search by not.display_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. 
Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. 
Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. 
Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "title": { "type": "string", "title": "Filter the search by title. Search for an exact match" }, "title.keyword": { "type": "string", "title": "Filter the search by title.keyword. Search for the matches that contain the value" }, "not.title": { "type": "string", "title": "Filter the search by not.title. Search for the matches that are not equal to the value" }, "not.title.keyword": { "type": "string", "title": "Filter the search by not.title.keyword. Search for the matches that do not contain the value" }, "description": { "type": "string", "title": "Filter the search by description. Search for an exact match" }, "description.keyword": { "type": "string", "title": "Filter the search by description.keyword. Search for the matches that contain the value" }, "not.description": { "type": "string", "title": "Filter the search by not.description. Search for the matches that are not equal to the value" }, "not.description.keyword": { "type": "string", "title": "Filter the search by not.description.keyword. Search for the matches that do not contain the value" }, "category": { "type": "string", "title": "Filter the search by category. Search for an exact match" }, "category.keyword": { "type": "string", "title": "Filter the search by category.keyword. Search for the matches that contain the value" }, "not.category": { "type": "string", "title": "Filter the search by not.category. Search for the matches that are not equal to the value" }, "not.category.keyword": { "type": "string", "title": "Filter the search by not.category.keyword. Search for the matches that do not contain the value" }, "security_update_id": { "type": "string", "title": "Filter the search by security_update_id. 
Search for an exact match" }, "security_update_id.keyword": { "type": "string", "title": "Filter the search by security_update_id.keyword. Search for the matches that contain the value" }, "not.security_update_id": { "type": "string", "title": "Filter the search by not.security_update_id. Search for the matches that are not equal to the value" }, "not.security_update_id.keyword": { "type": "string", "title": "Filter the search by not.security_update_id.keyword. Search for the matches that do not contain the value" }, "patch_id": { "type": "string", "title": "Filter the search by patch_id. Search for an exact match" }, "patch_id.keyword": { "type": "string", "title": "Filter the search by patch_id.keyword. Search for the matches that contain the value" }, "not.patch_id": { "type": "string", "title": "Filter the search by not.patch_id. Search for the matches that are not equal to the value" }, "not.patch_id.keyword": { "type": "string", "title": "Filter the search by not.patch_id.keyword. Search for the matches that do not contain the value" }, "kb_id": { "type": "string", "title": "Filter the search by kb_id. Search for an exact match" }, "kb_id.keyword": { "type": "string", "title": "Filter the search by kb_id.keyword. Search for the matches that contain the value" }, "not.kb_id": { "type": "string", "title": "Filter the search by not.kb_id. Search for the matches that are not equal to the value" }, "not.kb_id.keyword": { "type": "string", "title": "Filter the search by not.kb_id.keyword. Search for the matches that do not contain the value" }, "reboot_required": { "type": "boolean", "title": "Filter the search by reboot_required" }, "preview_patch": { "type": "boolean", "title": "Filter the search by preview_patch" }, "not.preview_patch": { "type": "boolean", "title": "Filter the search by not.preview_patch" }, "size": { "type": "integer", "title": "Filter the search by exact size" }, "size_lt": { "type": "integer", "title": "Filter the search by size_lt. 
Search for the documents that are less than the value" }, "size_lte": { "type": "integer", "title": "Filter the search by size_lte. Search for the documents that are less than or equal to the value" }, "size_gt": { "type": "integer", "title": "Filter the search by size_gt. Search for the documents that are greater than the value" }, "size_gte": { "type": "integer", "title": "Filter the search by size_gte. Search for the documents that are greater than or equal to the value" }, "created_at_after": { "type": "string", "title": "Filter search with created_at_after ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-02-01T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "Filter search with created_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_after": { "type": "string", "title": "Filter search with released_at_after ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_before": { "type": "string", "title": "Filter search with released_at_before ISO date string (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "domain_name" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search OS Patches result", "properties": { "results": { "type": "array", "items": { "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "group_name": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "product": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { "type": "string" }, "display_name": { "type": "string" }, "domain_name": { "type": "string" }, "created_at": { "type": "string" }, "object_guid": { "type": "string" }, "title": { "type": "string" }, "description": { "type": "string" }, "severity": { "type": "string" }, "category": { "type": "string" }, "security_update_id": { "type": "string" }, "patch_id": { "type": "string" }, "released_at": { "type": "string" }, "size": { "type": "number" }, "reboot_required": { "type": "boolean" }, "preview_patch": { "type": "boolean" }, 
"os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, "os_release_name": { "type": "string" } } }, "endpoint": { "properties": { "last_user": { "type": "string" }, "last_day_seen": { "type": "string", "examples": [ "2020-06-01T09:52:10.579Z" ] } } }, "group": { "properties": { "name": { "type": "string" }, "policy_id": { "type": "string" }, "policy_name": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found OS patches" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "OS Patches" ], "operationId": "api.nebula.search.os-patches" } }, "/nebula/v1/os-patches/search-groupby": { "post": { "description": "Search OS Patches grouped by a specific field.", "summary": "Search OS Patches groupBy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Os Patches Search GroupBy Request Schema", "required": [ "group_by", "page_size" ], "allOf": [ { "type": "object", "title": "Search assets software request. 
Leading wildcards are not supported for constraint fields without '.keyword' suffix.", "properties": { "machine_id": { "type": "string", "title": "Filter the search by machine_id. Search for an exact match" }, "machine_id.keyword": { "type": "string", "title": "Filter the search by machine_id.keyword. Search for the matches that contain the value" }, "not.machine_id": { "type": "string", "title": "Filter the search by not.machine_id. Search for the matches that are not equal to the value" }, "not.machine_id.keyword": { "type": "string", "title": "Filter the search by not.machine_id.keyword. Search for the matches that do not contain the value" }, "group_id": { "type": "string", "title": "Filter the search by group_id. Search for an exact match" }, "group_id.keyword": { "type": "string", "title": "Filter the search by group_id.keyword. Search for the matches that contain the value" }, "not.group_id": { "type": "string", "title": "Filter the search by not.group_id. Search for the matches that are not equal to the value" }, "not.group_id.keyword": { "type": "string", "title": "Filter the search by not.group_id.keyword. Search for the matches that do not contain the value" }, "root_group_id": { "type": "string", "title": "Filter the search by root_group_id. Search for an exact match" }, "root_group_id.keyword": { "type": "string", "title": "Filter the search by root_group_id.keyword. Search for the matches that contain the value" }, "not.root_group_id": { "type": "string", "title": "Filter the search by not.root_group_id. Search for the matches that are not equal to the value" }, "not.root_group_id.keyword": { "type": "string", "title": "Filter the search by not.root_group_id.keyword. Search for the matches that do not contain the value" }, "group_name": { "type": "string", "title": "Filter the search by group_name. Search for an exact match" }, "group_name.keyword": { "type": "string", "title": "Filter the search by group_name.keyword. 
Search for the matches that contain the value" }, "not.group_name": { "type": "string", "title": "Filter the search by not.group_name. Search for the matches that are not equal to the value" }, "not.group_name.keyword": { "type": "string", "title": "Filter the search by not.group_name.keyword. Search for the matches that do not contain the value" }, "object_guid": { "type": "string", "title": "Filter the search by object_guid. Search for an exact match" }, "object_guid.keyword": { "type": "string", "title": "Filter the search by object_guid.keyword. Search for the matches that contain the value" }, "not.object_guid": { "type": "string", "title": "Filter the search by not.object_guid. Search for the matches that are not equal to the value" }, "not.object_guid.keyword": { "type": "string", "title": "Filter the search by not.object_guid.keyword. Search for the matches that do not contain the value" }, "host_name": { "type": "string", "title": "Filter the search by host_name. Search for an exact match" }, "host_name.keyword": { "type": "string", "title": "Filter the search by host_name.keyword. Search for the matches that contain the value" }, "not.host_name": { "type": "string", "title": "Filter the search by not.host_name. Search for the matches that are not equal to the value" }, "not.host_name.keyword": { "type": "string", "title": "Filter the search by not.host_name.keyword. Search for the matches that do not contain the value" }, "fully_qualified_host_name": { "type": "string", "title": "Filter the search by fully_qualified_host_name. Search for an exact match" }, "fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by fully_qualified_host_name.keyword. Search for the matches that contain the value" }, "not.fully_qualified_host_name": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name. 
Search for the matches that are not equal to the value" }, "not.fully_qualified_host_name.keyword": { "type": "string", "title": "Filter the search by not.fully_qualified_host_name.keyword. Search for the matches that do not contain the value" }, "domain_name": { "type": "string", "title": "Filter the search by domain_name. Search for an exact match" }, "domain_name.keyword": { "type": "string", "title": "Filter the search by domain_name.keyword. Search for the matches that contain the value" }, "not.domain_name": { "type": "string", "title": "Filter the search by not.domain_name. Search for the matches that are not equal to the value" }, "not.domain_name.keyword": { "type": "string", "title": "Filter the search by not.domain_name.keyword. Search for the matches that do not contain the value" }, "display_name": { "type": "string", "title": "Filter the search by display_name. Search for an exact match" }, "display_name.keyword": { "type": "string", "title": "Filter the search by display_name.keyword. Search for the matches that contain the value" }, "not.display_name": { "type": "string", "title": "Filter the search by not.display_name. Search for the matches that are not equal to the value" }, "not.display_name.keyword": { "type": "string", "title": "Filter the search by not.display_name.keyword. Search for the matches that do not contain the value" }, "vendor": { "type": "string", "title": "Filter the search by vendor. Search for an exact match" }, "vendor.keyword": { "type": "string", "title": "Filter the search by vendor.keyword. Search for the matches that contain the value" }, "not.vendor": { "type": "string", "title": "Filter the search by not.vendor. Search for the matches that are not equal to the value" }, "not.vendor.keyword": { "type": "string", "title": "Filter the search by not.vendor.keyword. Search for the matches that do not contain the value" }, "product": { "type": "string", "title": "Filter the search by product. 
Search for an exact match" }, "product.keyword": { "type": "string", "title": "Filter the search by product.keyword. Search for the matches that contain the value" }, "not.product": { "type": "string", "title": "Filter the search by not.product. Search for the matches that are not equal to the value" }, "not.product.keyword": { "type": "string", "title": "Filter the search by not.product.keyword. Search for the matches that do not contain the value" }, "os_info.os_type": { "type": "string", "title": "Filter the search by os_info.os_type. Search for an exact match" }, "os_info.os_type.keyword": { "type": "string", "title": "Filter the search by os_info.os_type.keyword. Search for the matches that contain the value" }, "not.os_info.os_type": { "type": "string", "title": "Filter the search by not.os_info.os_type. Search for the matches that are not equal to the value" }, "not.os_info.os_type.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_type.keyword. Search for the matches that do not contain the value" }, "os_info.os_version": { "type": "string", "title": "Filter the search by os_info.os_version. Search for an exact match" }, "os_info.os_version.keyword": { "type": "string", "title": "Filter the search by os_info.os_version.keyword. Search for the matches that contain the value" }, "not.os_info.os_version": { "type": "string", "title": "Filter the search by not.os_info.os_version. Search for the matches that are not equal to the value" }, "not.os_info.os_version.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_version.keyword. Search for the matches that do not contain the value" }, "os_info.os_platform": { "type": "string", "title": "Filter the search by os_info.os_platform. Search for an exact match" }, "os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by os_info.os_platform.keyword. 
Search for the matches that contain the value" }, "not.os_info.os_platform": { "type": "string", "title": "Filter the search by not.os_info.os_platform. Search for the matches that are not equal to the value" }, "not.os_info.os_platform.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_platform.keyword. Search for the matches that do not contain the value" }, "os_info.os_architecture": { "type": "string", "title": "Filter the search by os_info.os_architecture. Search for an exact match" }, "os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by os_info.os_architecture.keyword. Search for the matches that contain the value" }, "not.os_info.os_architecture": { "type": "string", "title": "Filter the search by not.os_info.os_architecture. Search for the matches that are not equal to the value" }, "not.os_info.os_architecture.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_architecture.keyword. Search for the matches that do not contain the value" }, "os_info.os_release_name": { "type": "string", "title": "Filter the search by os_info.os_release_name. Search for an exact match" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by os_info.os_release_name.keyword. Search for the matches that contain the value" }, "not.os_info.os_release_name": { "type": "string", "title": "Filter the search by not.os_info.os_release_name. Search for the matches that are not equal to the value" }, "not.os_info.os_release_name.keyword": { "type": "string", "title": "Filter the search by not.os_info.os_release_name.keyword. Search for the matches that do not contain the value" }, "severity": { "type": "string", "title": "Filter the search by severity. Search for an exact match" }, "severity.keyword": { "type": "string", "title": "Filter the search by severity.keyword. 
Search for the matches that contain the value" }, "not.severity": { "type": "string", "title": "Filter the search by not.severity. Search for the matches that are not equal to the value" }, "not.severity.keyword": { "type": "string", "title": "Filter the search by not.severity.keyword. Search for the matches that do not contain the value" }, "title": { "type": "string", "title": "Filter the search by title. Search for an exact match" }, "title.keyword": { "type": "string", "title": "Filter the search by title.keyword. Search for the matches that contain the value" }, "not.title": { "type": "string", "title": "Filter the search by not.title. Search for the matches that are not equal to the value" }, "not.title.keyword": { "type": "string", "title": "Filter the search by not.title.keyword. Search for the matches that do not contain the value" }, "description": { "type": "string", "title": "Filter the search by description. Search for an exact match" }, "description.keyword": { "type": "string", "title": "Filter the search by description.keyword. Search for the matches that contain the value" }, "not.description": { "type": "string", "title": "Filter the search by not.description. Search for the matches that are not equal to the value" }, "not.description.keyword": { "type": "string", "title": "Filter the search by not.description.keyword. Search for the matches that do not contain the value" }, "category": { "type": "string", "title": "Filter the search by category. Search for an exact match" }, "category.keyword": { "type": "string", "title": "Filter the search by category.keyword. Search for the matches that contain the value" }, "not.category": { "type": "string", "title": "Filter the search by not.category. Search for the matches that are not equal to the value" }, "not.category.keyword": { "type": "string", "title": "Filter the search by not.category.keyword. 
Search for the matches that do not contain the value" }, "security_update_id": { "type": "string", "title": "Filter the search by security_update_id. Search for an exact match" }, "security_update_id.keyword": { "type": "string", "title": "Filter the search by security_update_id.keyword. Search for the matches that contain the value" }, "not.security_update_id": { "type": "string", "title": "Filter the search by not.security_update_id. Search for the matches that are not equal to the value" }, "not.security_update_id.keyword": { "type": "string", "title": "Filter the search by not.security_update_id.keyword. Search for the matches that do not contain the value" }, "patch_id": { "type": "string", "title": "Filter the search by patch_id. Search for an exact match" }, "patch_id.keyword": { "type": "string", "title": "Filter the search by patch_id.keyword. Search for the matches that contain the value" }, "not.patch_id": { "type": "string", "title": "Filter the search by not.patch_id. Search for the matches that are not equal to the value" }, "not.patch_id.keyword": { "type": "string", "title": "Filter the search by not.patch_id.keyword. Search for the matches that do not contain the value" }, "kb_id": { "type": "string", "title": "Filter the search by kb_id. Search for an exact match" }, "kb_id.keyword": { "type": "string", "title": "Filter the search by kb_id.keyword. Search for the matches that contain the value" }, "not.kb_id": { "type": "string", "title": "Filter the search by not.kb_id. Search for the matches that are not equal to the value" }, "not.kb_id.keyword": { "type": "string", "title": "Filter the search by not.kb_id.keyword. 
Search for the matches that do not contain the value" }, "reboot_required": { "type": "boolean", "title": "Filter the search by reboot_required" }, "preview_patch": { "type": "boolean", "title": "Filter the search by preview_patch" }, "not.preview_patch": { "type": "boolean", "title": "Filter the search by not.preview_patch" }, "size": { "type": "integer", "title": "Filter the search by exact size" }, "size_lt": { "type": "integer", "title": "Filter the search by size_lt. Search for the documents that are less than the value" }, "size_lte": { "type": "integer", "title": "Filter the search by size_lte. Search for the documents that are less than or equal to the value" }, "size_gt": { "type": "integer", "title": "Filter the search by size_gt. Search for the documents that are greater than the value" }, "size_gte": { "type": "integer", "title": "Filter the search by size_gte. Search for the documents that are greater than or equal to the value" }, "created_at_after": { "type": "string", "title": "Filter search with created_at_after ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-02-01T17:23:17.860482Z" ] }, "created_at_before": { "type": "string", "title": "Filter search with created_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_after": { "type": "string", "title": "Filter search with released_at_after ISO date string (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "released_at_before": { "type": "string", "title": "Filter search with released_at_before ISO date string (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "exists": { "type": "array", "title": "Filter the results for records that have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "not.exists": { "type": "array", "title": "Filter the results for records that do not have these fields", "items": { "type": "string", "enum": [ "domain_name", "product_signature" ] } }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "domain_name" ] }, "populate": { "type": "object", "title": "The populate object Schema", "properties": { "group": { "type": "boolean", "title": "Populates group data (group name, policy name, policy id)" }, "endpoint": { "type": "boolean", "title": "Populate with the endpoint data (last day seen, last user)" } } }, "sort_order": { "type": "string", "title": "Sorting direction", "default": "asc", "enum": [ "asc", "desc" ] }, "page_size": { "type": "number", "title": "The size of the page. 
If you only need aggregations, set it to 0", "minimum": 0, "default": 50, "maximum": 2000 }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ], "properties": { "group_by": { "type": "string", "title": "The sort field Schema", "enum": [ "account_id", "account_name", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "domain_name" ] }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Os Patches Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "type": "object", "title": "The Items Schema", "required": [ "value", "total" ], "properties": { "value": { "type": [ "string", "boolean" ], "title": "The Value Schema" }, "total": { "type": "integer", "title": "The Total Schema" }, "host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "fully_qualified_host_name": { "type": "string", "title": "The host name Schema (only for machine_id aggregation)" }, "tags": { "type": "object", "additionalProperties": true, "title": "The tags Schema (only for machine_id aggregation)" }, "account_id": { "type": "string", "title": "The account_id Schema (only for machine_id aggregation)" }, "group_name": { "type": "string", "title": "The group name Schema (only for group_id aggregation)" }, "account_name": { "type": "string", "title": "The account_name Schema (only for group_id and account_id aggregation)" }, "title": { "type": "string", "title": "The title schema (only for patch_id aggregation)" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "OS Patches" ], "operationId": "api.nebula.search.os-patches.group" } }, "/nebula/v1/schedules/{id}": { "delete": { "description": "Delete a schedule by its id.", "summary": "Delete a schedule", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Schedules" ], "operationId": "api.nebula.delete.schedules" }, "get": { "description": "Get schedule by id.", "summary": "Get schedule by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Schedule Response", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "etag": { "type": "string", "title": "ETAG", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." 
}, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "examples": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted 
Modifications, treat as malware.", "examples": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "examples": [ "Detect", "Ignore" ] } } } } }, "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "Group ids" } } } } } } } }, "tags": [ "Schedules" ], "operationId": "api.nebula.get.schedule.id" }, "put": { "description": "Update schedule. You must use \"add groups for schedule\" to update group route.", "summary": "Update schedule", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Update schedule", "required": [ "etag" ], "properties": { "etag": { "type": "string", "title": "Etag", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. 
When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." }, "name": { "type": "string", "title": "Name" }, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Command is enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", 
"title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "enum": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted Modifications, treat as malware.", "enum": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "enum": [ "Detect", "Ignore" ] } } } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Schedule Response", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "etag": { "type": "string", "title": "ETAG", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." 
}, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "examples": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted 
Modifications, treat as malware.", "examples": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "examples": [ "Detect", "Ignore" ] } } } } }, "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "Group ids" } } } } } } } }, "tags": [ "Schedules" ], "operationId": "api.nebula.put.schedule" } }, "/nebula/v1/schedules": { "get": { "description": "Get schedules. To get the groups assigned to a schedule, you must make a separate \"Get schedule by id\" request.", "summary": "Get schedules", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Collection of schedules", "required": [ "schedules", "total_count", "next_cursor" ], "properties": { "schedules": { "type": "array", "title": "Schedules", "items": { "type": "object", "additionalProperties": true, "title": "Schedule Response", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "etag": { "type": "string", "title": "ETAG", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." 
}, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "examples": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted 
Modifications, treat as malware.", "examples": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "examples": [ "Detect", "Ignore" ] } } } } }, "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "Group ids" } } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Schedules" ], "operationId": "api.nebula.get.schedules" }, "post": { "description": "Create schedule. The request body does not accept group_ids; to assign groups to the new schedule, call \"Add groups for schedule\" (PUT /nebula/v1/schedules/{id}/groups) with the id returned in the response.", "summary": "Create schedule", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Create schedule", "properties": { "name": { "type": "string", "title": "Name" }, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Command is enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", 
"title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "enum": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted Modifications, treat as malware.", "enum": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "enum": [ "Detect", "Ignore" ] } } } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Schedule Response", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "etag": { "type": "string", "title": "ETAG", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." 
}, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "examples": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted 
Modifications, treat as malware.", "examples": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "examples": [ "Detect", "Ignore" ] } } } } }, "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "Group ids" } } } } } } } }, "tags": [ "Schedules" ], "operationId": "api.nebula.post.schedule" } }, "/nebula/v1/schedules/{id}/groups": { "put": { "description": "Add groups for schedule.", "summary": "Add groups for schedule", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Group IDs", "required": [ "group_ids" ], "properties": { "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "UUID of Group", "examples": [ "dc5e6ceb-e57f-4bf3-8b6d-df1d369be279" ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Schedule Response", "properties": { "id": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "title": "Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "etag": { "type": "string", "title": "ETAG", "description": "etags are identifiers that change on every update. Their use is to prevent race conditions when multiple clients are modifying the same resource. Supply this tag empty when creating a schedule. When updating, you need to fetch the latest value by GETting a schedule. You should always get the current etag before trying to modify a resource that has an etag property." 
}, "command": { "type": "string", "title": "Command", "examples": [ "command.threat.scan", "command.asset.refresh" ] }, "rrule": { "type": "string", "title": "Frequency and start date", "examples": [ "FREQ=DAILY;INTERVAL=1;DTSTART=20200313T000100" ] }, "enabled": { "type": "boolean", "title": "Enabled", "default": true }, "command_data": { "type": "object", "additionalProperties": true, "title": "Command data", "examples": [ { "schedule_for_windows": true, "scan_settings": { "pum_detection": "Detect", "scan_registry": true, "type": "CustomScan", "no_archive": false, "fixed_drive": true, "scan_path": "", "ark": true, "scan_startup": true, "pup_detection": "Detect", "scan_memory": true, "remove": true }, "mac_scan_settings": { "remove": true, "pup_detection": "Ignore" }, "schedule_for_mac": true } ], "properties": { "schedule_for_mac": { "type": "boolean", "title": "Schedule for Mac" }, "schedule_for_windows": { "type": "boolean", "title": "Schedule for Windows" }, "scan_settings": { "type": "object", "additionalProperties": true, "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Scan method", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ], "examples": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" }, "scan_path": { "type": "string", "title": "Scan path" }, "scan_memory": { "type": "boolean", "title": "Scan memory objects", "default": true }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "fixed_drive": { "type": "boolean", "title": "Scan all local drives on endpoints" }, "no_archive": { "type": "boolean", "title": "Do not scan archives" }, "ark": { "type": "boolean", "title": "Scan for rootkits" }, "pup_detection": { "type": "string", "title": "Potentially Unwanted Programs, treat as malware", "examples": [ "Detect", "Ignore" ] }, "pum_detection": { "type": "string", "title": "Potentially Unwanted 
Modifications, treat as malware.", "examples": [ "Detect", "Ignore" ] } } }, "mac_scan_settings": { "type": "object", "additionalProperties": true, "title": "Mac scan settings", "properties": { "remove": { "type": "boolean", "title": "Quarantine found threats automatically" }, "pup_detection": { "type": "string", "title": "Treat detections as malware.", "examples": [ "Detect", "Ignore" ] } } } } }, "group_ids": { "type": "array", "title": "Collection of Group IDs", "items": { "type": "string", "title": "Group ids" } } } } } } } }, "tags": [ "Schedules" ], "operationId": "api.nebula.put.schedule.groupids" } }, "/nebula/v1/flight-recorder/chart": { "post": { "description": "Count occurrences of suspicious activity matching the filters, returned as a time series with one entry per time bucket and a per-category breakdown (process, filesystem, script activity, network, registry, system event, other). Either time_range or time_window must be supplied. Wildcards are not supported.", "summary": "Search occurrence of suspicious activity", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder chart request", "required": [ "advanced_filters" ], "oneOf": [ { "required": [ "time_range" ] }, { "required": [ "time_window" ] } ], "properties": { "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", "12h", "6h", "3h", "1h", "30m" ] }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date", "format": "date-time" }, "lte": { "type": "string", "title": "Time window lower than or equal to date", "format": "date-time" } } }, "advanced_filters": { "type": "array", "title": "Advanced flight recorder filters", "items": { "items": { "type": "object", "properties": { "or": { "type": "array", "title": "Filter with or", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", 
"contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } }, "and": { "type": "array", "title": "Filter with and", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { 
"type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } } } } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { 
"schema": { "type": "array", "title": "Flight Recorder chart result", "items": { "type": "object", "title": "Collection items", "properties": { "date": { "type": "string", "title": "Date", "examples": [ "2020-06-01T07:00:00.000Z" ] }, "bucket": { "type": "integer", "title": "Bucket" }, "process": { "type": "integer", "title": "Process" }, "filesystem": { "type": "integer", "title": "Filesystem" }, "script_activity": { "type": "integer", "title": "Script activity" }, "network": { "type": "integer", "title": "Network" }, "registry": { "type": "integer", "title": "Registry" }, "system_event": { "type": "integer", "title": "System event" }, "other": { "type": "integer", "title": "Other" } } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.chart" } }, "/nebula/v1/flight-recorder/endpoints": { "post": { "description": "Search suspicious activity and return the impact per affected endpoint: the number of matching events in each category (process, registry, network, filesystem) together with the earliest and latest time the activity was seen on that endpoint. Either time_range or time_window must be supplied, and advanced_filters is required. Wildcards are not supported.", "summary": "Search suspicious activity per affected endpoint", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder endpoints request", "required": [ "advanced_filters" ], "oneOf": [ { "required": [ "time_range" ] }, { "required": [ "time_window" ] } ], "properties": { "advanced_filters": { "type": "array", "title": "Advanced flight recorder filters. 
REQUIRED field", "items": { "items": { "type": "object", "properties": { "or": { "type": "array", "title": "Filter with or", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", 
"process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } }, "and": { "type": "array", "title": "Filter with and", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", 
"hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } } } } } }, "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", "12h", "6h", "3h", "1h", "30m" ] }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date", "format": "date-time" }, "lte": { "type": "string", "title": "Time window lower than or equal to date", "format": "date-time" } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder endpoints result", "properties": { "results": { "type": "array", "title": "Results", "items": { "type": "object", "title": "Result items", "properties": { "event_categories": { "type": "object", "title": "Event categories", "properties": { "process": { "type": "integer", "title": "Process" }, "registry": { "type": "integer", "title": "Registry" }, "network": { "type": "integer", "title": "Network" }, "filesystem": { "type": "integer", "title": 
"Filesystem" } } }, "first_timestamp": { "type": "string", "title": "Seen earliest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "last_timestamp": { "type": "string", "title": "Seen latest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "pc_hostname": { "type": "string", "title": "Endpoint hostname" }, "machine_id": { "type": "string", "title": "Endpoint ID", "examples": [ "aff7bb09-4515-4043-a40c-16f2f5a7b9b4" ] }, "os_type": { "type": "string", "title": "OS type", "examples": [ "Windows" ] } } } }, "total": { "type": "integer", "title": "Total" } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.endpoints" } }, "/nebula/v1/flight-recorder/processes": { "post": { "description": "Retrieve the list of processes matching the search input. A time_range or time_window is required, together with at least one of the following fields (event_category, first_activity, last_activity, machine_id, md5, os_type, pc_hostname, pid, pid_version, process_name, sha1, sha256, sha512, user, page, page_size) or advanced_filters. advanced_filters may be combined only with first_activity_gte, first_activity_lte, last_activity_gte, last_activity_lte, machine_id, os_type and user; the other fields cannot be sent in the same request as advanced_filters.", "summary": "Search a list of processes", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder processes request", "oneOf": [ { "required": [ "time_range" ] }, { "required": [ "time_window" ] } ], "properties": { "advanced_filters": { "type": "array", "title": "Advanced flight recorder filters", "items": { "items": { "type": "object", "properties": { "or": { "type": "array", "title": "Filter with or", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", 
"hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } }, "and": { "type": "array", "title": "Filter with and", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ 
"command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } } } } } }, "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", "12h", "6h", "3h", "1h", "30m" ] }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date", "format": "date-time" }, "lte": { "type": "string", "title": "Time window lower than or equal to date", "format": "date-time" } } }, "event_category": { "type": "string", "enum": [ "process", "filesystem", "registry", "network", "script activity", "system event" ], 
"title": "Event's type category filter. Can be one of process, filesystem, registry, network, script activity, system event" }, "first_activity_gte": { "type": "string", "title": "Filter by first activity gte" }, "first_activity_lte": { "type": "string", "title": "Filter by first activity lte" }, "last_activity_gte": { "type": "string", "title": "Filter by last activity gte" }, "last_activity_lte": { "type": "string", "title": "Filter by last activity lte" }, "machine_id": { "type": "string", "title": "Filter by machine id" }, "md5": { "type": "string", "title": "Filter by md5" }, "os_type": { "type": "string", "title": "Filter by os type" }, "pc_hostname": { "type": "string", "title": "Filter by hostname" }, "pid": { "type": "string", "title": "Filter by pid" }, "pid_version": { "type": "string", "title": "Filter by pid version" }, "process_name": { "type": "string", "title": "Filter by process name" }, "process_path": { "type": "string", "title": "Filter by process path" }, "sha1": { "type": "string", "title": "Filter by sha1" }, "sha256": { "type": "string", "title": "Filter by sha256" }, "sha512": { "type": "string", "title": "Filter by sha512" }, "user": { "type": "string", "title": "Filter by user" }, "sort": { "type": "object", "title": "Choose sort field and type", "anyOf": [ { "properties": { "first_seen": { "type": "string", "enum": [ "desc", "asc" ] } } }, { "properties": { "last_seen": { "type": "string", "enum": [ "desc", "asc" ] } } }, { "properties": { "os_type": { "type": "string", "enum": [ "desc", "asc" ] } } }, { "properties": { "pc_hostname": { "type": "string", "enum": [ "desc", "asc" ] } } }, { "properties": { "process_path": { "type": "string", "enum": [ "desc", "asc" ] } } }, { "properties": { "user": { "type": "string", "enum": [ "desc", "asc" ] } } } ] } }, "page": { "type": "integer", "minimum": 1, "title": "Page number" }, "page_size": { "type": "integer", "minimum": 1, "maximum": 2000, "title": "Page size" } } } } }, "responses": { "200": { "description": "response 
schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder processes result", "properties": { "results": { "type": "array", "title": "Results", "items": { "type": "object", "title": "Result items", "properties": { "event_categories": { "type": "object", "title": "Event categories", "properties": { "network": { "type": "integer", "title": "Network" }, "process": { "type": "integer", "title": "Process" }, "registry": { "type": "integer", "title": "Registry" }, "script_activity": { "type": "integer", "title": "Script Activity" }, "system_event": { "type": "integer", "title": "System Event" }, "other": { "type": "integer", "title": "Other" } } }, "first_activity": { "type": "string", "title": "Seen earliest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "last_activity": { "type": "string", "title": "Seen latest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "machine_id": { "type": "string", "title": "Machine Id" }, "pid": { "type": "string", "title": "Process Id" }, "pid_version": { "type": "string", "title": "Process Id version" }, "process_path": { "type": "string", "title": "Process path" }, "md5": { "type": "string", "title": "md5" }, "sha1": { "type": "string", "title": "sha1" }, "sha256": { "type": [ "string", "null" ], "title": "sha256" }, "sha512": { "type": "string", "title": "sha512" }, "user": { "type": "string", "title": "user" } } } }, "total": { "type": "integer", "title": "Total" } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.processes" } }, "/nebula/v1/flight-recorder/recap": { "post": { "description": "Search suspicious activity. 
Wildcards are not supported.", "summary": "Search suspicious activity", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder recap request", "required": [ "input_value" ], "oneOf": [ { "required": [ "time_range" ] }, { "required": [ "time_window" ] } ], "properties": { "advanced_filters": { "type": "array", "title": "Advanced flight recorder filters. REQUIRED field", "items": { "items": { "type": "object", "properties": { "or": { "type": "array", "title": "Filter with or", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ 
"command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } }, "and": { "type": "array", "title": "Filter with and", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", 
"items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } } } } } }, "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", 
"12h", "6h", "3h", "1h", "30m" ] }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date", "format": "date-time" }, "lte": { "type": "string", "title": "Time window lower than or equal to date", "format": "date-time" } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder recap result", "properties": { "endpoints": { "type": "integer", "title": "The endpoints schema" }, "last_seen": { "type": "object", "title": "Seen latest", "properties": { "timestamp": { "type": "string", "title": "Timestamp", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "machine_id": { "type": "string", "title": "Endpoint ID", "examples": [ "aff7bb09-4515-4043-a40c-16f2f5a7b9b4" ] }, "pc_hostname": { "type": "string", "title": "Hostname of PC" } } }, "first_seen": { "type": "object", "title": "Seen earliest", "properties": { "timestamp": { "type": "string", "title": "Timestamp", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "machine_id": { "type": "string", "title": "Machine ID", "examples": [ "aff7bb09-4515-4043-a40c-16f2f5a7b9b4" ] }, "pc_hostname": { "type": "string", "title": "Hostname of PC" } } } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.recap" } }, "/nebula/v1/flight-recorder/search": { "post": { "description": "Search the flight recorder with advanced queries", "summary": "Search the flight recorder with advanced queries.", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder search request", "required": [ "advanced_filters" ], "examples": [ { "time_range": "7d", "advanced_filters": [ { "or": [ { "and": [ { "eq": [ "process_name", "explorer.exe" ] }, { "eq": [ "pc_hostname", "Bob-Pc" ] } ] }, { "and": [ { "eq": [ "pc_hostname", "Alice-PC" ] }, { "eq": [ "process_name", "explorer.exe" ] } ] } ] } ] } ], "oneOf": [ { "required": [ "time_range" ] }, { "required": [ "time_window" ] } ], "properties": { "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", "12h", "6h", "3h", "1h", "30m" ] }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date", "format": "date-time" }, "lte": { "type": "string", "title": "Time window lower than or equal to date", "format": "date-time" } } }, "pc_hostname": { "type": "string", "title": "Hostname filter" }, "event_category": { "type": "string", "title": "Event category filter", "enum": [ "network", "filesystem", "process", "registry", "script activity" ] }, "advanced_filters": { "type": "array", "title": "Advanced flight recorder filters", "items": { "items": { "type": "object", "properties": { "or": { "type": "array", "title": "Filter with or", "items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": 
"Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } }, "and": { "type": "array", "title": "Filter with and", 
"items": { "type": "object", "properties": { "eq": { "type": "array", "title": "Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "neq": { "type": "array", "title": "Not Equal operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "contains": { "type": "array", "title": "Contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "not_contains": { "type": "array", "title": "not_contains operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] }, "starts_with": { "type": "array", "title": "starts_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "machine_id", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] 
}, "ends_with": { "type": "array", "title": "ends_with operator", "items": [ { "type": "string", "title": "Field name", "enum": [ "command_line", "contacted_domains", "contacted_ips", "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512", "pc_hostname", "process_id", "process_name", "process_path", "remote_port", "user" ] }, { "type": "string", "title": "Value to compare" } ] } } } } } } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder processes result", "properties": { "results": { "type": "array", "title": "Results", "items": { "type": "object", "title": "Result items", "properties": { "event_categories": { "type": "object", "title": "Event categories", "properties": { "network": { "type": "integer", "title": "Network" }, "process": { "type": "integer", "title": "Process" }, "registry": { "type": "integer", "title": "Registry" }, "script_activity": { "type": "integer", "title": "Script Activity" }, "system_event": { "type": "integer", "title": "System Event" }, "other": { "type": "integer", "title": "Other" } } }, "first_activity": { "type": "string", "title": "Seen earliest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "last_activity": { "type": "string", "title": "Seen latest", "examples": [ "2020-06-01T09:52:10.579Z" ] }, "machine_id": { "type": "string", "title": "Machine Id" }, "pid": { "type": "string", "title": "Process Id" }, "pid_version": { "type": "string", "title": "Process Id version" }, "process_path": { "type": "string", "title": "Process path" }, "md5": { "type": "string", "title": "md5" }, "sha1": { "type": "string", "title": "sha1" }, "sha256": { "type": [ "string", "null" ], "title": "sha256" }, "sha512": { "type": "string", "title": "sha512" }, "user": { "type": "string", "title": "user" } } } }, "total": { "type": "integer", "title": "Total" } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": 
"api.nebula.post.flightrecorder.search" } }, "/nebula/v1/flight-recorder/process_graph": { "post": { "description": "Search the process graph.", "summary": "Search the process graph", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder process_graph request", "required": [ "pid", "path", "machine_id" ], "properties": { "time_range": { "type": "string", "title": "Time range", "enum": [ "7d", "3d", "24h", "12h", "6h", "3h", "1h", "30m" ], "default": "7d" }, "time_window": { "type": "object", "title": "Time window", "properties": { "gte": { "type": "string", "title": "Time window greater than or equal to date" }, "lte": { "type": "string", "title": "Time window lower than or equal to date" } } }, "account_id": { "type": "string", "title": "Account Id" }, "machine_id": { "type": "string", "title": "Machine id" }, "pid": { "type": "string", "title": "Process Id" }, "path": { "type": "string", "title": "Process path" }, "pid_version": { "type": "string", "title": "Process Id version filter", "default": 0 }, "os_type": { "type": "string", "title": "Os Type filter", "default": "Windows" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder process_graph result", "properties": { "id": { "type": "string", "title": "Id" }, "name": { "type": "string", "title": "Name" }, "node_type": { "type": "string", 
"title": "Node type" }, "children": { "type": "array", "title": "The Children nodes", "items": { "type": "object", "title": "The Children node, recursive structure", "properties": { "id": { "type": "string", "title": "id" }, "name": { "type": "string", "title": "Name" }, "edge_info": { "type": "object", "description": "Edge Info", "properties": { "command_line": { "type": "string", "title": "Command line" }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp" }, "relation": { "type": "string", "title": "Relation" } } }, "node_type": { "type": "string", "title": "Node type" }, "node_info": { "type": "object", "title": "Node info", "properties": { "activities": { "type": "array", "title": "Activities" }, "process_id": { "type": "string", "title": "Process Id" }, "dropped": { "type": "boolean", "title": "Dropped" }, "process_path": { "type": "string", "title": "Process Path" }, "main_node": { "type": "boolean", "title": "Main Node" } } } } } }, "node_info": { "type": "object", "title": "Node metadata", "additionalProperties": true }, "edge_info": { "type": "object", "title": "Edge node info", "additionalProperties": true } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.process_graph" } }, "/nebula/v1/flight-recorder/raw_events": { "post": { "description": "Retrieve a list of raw events matching the given filters for the specified endpoint.", "summary": "Search a list of raw events", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder raw_events request", "required": [ "machine_id", "pid", "pid_version", "path", "event_type", "first_activity", "last_activity" ], "properties": { "machine_id": { "type": "string", "title": "Machine id" }, "pid": { "type": "string", "title": "Process Id filter" }, "pid_version": { "type": "string", "title": "Process Id version filter" }, "path": { "type": "string", "title": "Process Path" }, "event_type": { "type": "string", "enum": [ "ANTIMALWARE_SCAN", "FILE_DELETE", "FILE_READ", "FILE_RENAME", "FILE_SET_INFORMATION", "FILE_WRITE", "NET_CONNECT_INBOUND", "NET_CONNECT_INBOUND_PRIVATE", "NET_CONNECT_OUTBOUND", "NET_CONNECT_OUTBOUND_PRIVATE", "REG_QUERY_VALUE", "REG_SET_VALUE", "SYSTEM_CALL", "SYSTEM_EVENT", "WIN_LOG" ], "title": "Raw event's type filter" }, "first_activity": { "type": "string", "title": "Initial date", "format": "date-time" }, "last_activity": { "type": "string", "title": "Last date", "format": "date-time" }, "page": { "type": "integer", "minimum": 1, "title": "Page number" }, "page_size": { "type": "integer", "minimum": 1, "title": "Page size" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Flight Recorder raw_events result", "properties": { "results": { "type": "array", "title": "Results", "items": { "type": "object", "properties": { "account_id": { "type": "string", "title": "Account Id" }, "amsi_data": { "type": "string", "title": "Amsi data" }, "amsi_data_type": { "type": "string", "title": "Amsi data type" }, "command_line": { "type": "string", "title": "Command line" }, "create_options": { "type": "string", "title": "Create Options" }, "etw_data": { "type": "string", 
"title": "Etw data" }, "event_category": { "type": "string", "title": "Event Category" }, "event_type": { "type": "string", "title": "Event type" }, "evt_log_data": { "type": "string", "title": "Event log data" }, "hostname": { "type": "string", "title": "Hostname" }, "machine_id": { "type": "string", "title": "Machine id" }, "ipv4_local_ip": { "type": "string", "title": "IPv4 local IP" }, "ipv4_remote_country_code": { "type": "string", "title": "IPv4 remote country code" }, "ipv4_remote_ip": { "type": "string", "title": "IPv4 remote IP" }, "ipv6_local_ip": { "type": "string", "title": "IPv6 local IP" }, "ipv6_remote_country_code": { "type": "string", "title": "IPv6 remote country code" }, "ipv6_remote_ip": { "type": "string", "title": "IPv6 remote IP" }, "local_port": { "type": "string", "title": "Local port" }, "new_name": { "type": "string", "title": "New name" }, "new_path": { "type": "string", "title": "New path" }, "new_process_id": { "type": "string", "title": "New process id" }, "object_name": { "type": "string", "title": "Object name" }, "object_path": { "type": "string", "title": "Object path" }, "process_name": { "type": "string", "title": "Process name" }, "protocol": { "type": "string", "title": "Protocol" }, "registry_data": { "type": "string", "title": "Registry data" }, "registry_data_type": { "type": "string", "title": "Registry data type" }, "registry_key": { "type": "string", "title": "Registry key" }, "registry_value": { "type": "string", "title": "Registry value" }, "remote_port": { "type": "string", "title": "Remote port" }, "sha256": { "type": "string", "title": "SHA256" }, "stream_id": { "type": "string", "title": "Stream id" }, "winlog_event_id": { "type": "string", "title": "Winlog event id" }, "timestamp": { "type": "string", "title": "Timestamp" } } } }, "total": { "type": "integer", "title": "Total" } } } } } } }, "tags": [ "Flight-recorder" ], "operationId": "api.nebula.post.flightrecorder.raw_events" } }, "/nebula/v1/sa": { "get": { 
"description": "Fetch suspicious activity records of the account.", "summary": "Suspicious activity of the account", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sort_field", "required": false, "in": "query", "description": "Sort field", "schema": { "type": "string", "enum": [ "timestamp", "level", "pc_hostname" ] } }, { "name": "sort_direction", "required": false, "in": "query", "description": "Sort direction", "schema": { "type": "string", "enum": [ "asc", "desc" ] } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "schema": { "type": "string" } }, { "name": "since", "required": false, "in": "query", "description": "Since (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "schema": { "type": "string", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$" } }, { "name": "group_ids", "required": false, "in": "query", "description": "Group ID", "schema": { "type": [ "string", "array" ], "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "per_page", "required": false, "in": "query", "description": "Page size", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Suspicious activity response", "required": [ "sa", "total_count" ], "properties": { "sa": { "type": "array", "title": "Suspicious activity", "items": { "type": "object", "title": "Suspicious activity items", "additionalProperties": true, "properties": { "detection_id_list": { "type": "array", "title": "List of detections IDs", "items": { "type": "number" } }, "status": { "type": "string", "title": "Status" }, "timestamp": { "type": "string", "title": "Timestamp" }, "path": { "type": "string", "title": "Path" }, "pc_hostname": { "type": "string", "title": "Hostname of PC" }, "machine_id": { "type": "string", "title": "Machine ID" }, "account_id": { "type": "string", "title": "Account ID" }, "closed": { "type": "integer", "title": "Closed" }, "level": { "type": "integer", "title": "Level" }, "detected_by_count": { "type": "integer", "title": "Count" } } } }, "total_count": { "type": "integer", "title": "Total count" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Suspicious Activity" ], "operationId": "api.nebula.get.suspiciousactivity" } }, "/nebula/v1/sa/{id}/process_graph": { "get": { "description": "Fetch process graph of suspicious activity.", "summary": "Suspicious activity process graph", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "ID of suspicious activity", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Process graph of suspicious activity", "additionalProperties": true, "properties": { "data": { "type": "object", "title": "Root node of the process graph", "additionalProperties": true, "properties": { "node_type": { "type": "string", "title": "Node type" }, "children": { "type": "array", "title": "Children of this node", "default": [], "additionalItems": true, "items": { "type": "object", "title": "Items of children", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "ID" }, "name": { "type": "string", "title": "Name", "examples": [ "EXPLORER.EXE" ] }, "node_type": { "type": "string", "title": "Node type", "examples": [ "Process" ] }, "children": { "type": "array", "title": "Children of this node. 
Follows the same structure as current node.", "additionalItems": true, "items": { "type": "object", "title": "Children items", "additionalProperties": true } }, "node_info": { "type": "object", "title": "Node info", "additionalProperties": true, "properties": { "activities": { "type": "array", "title": "Activities", "default": [], "items": { "type": "object", "title": "Activities items", "additionalProperties": true }, "additionalItems": true }, "process_id": { "type": "integer", "title": "Process id - PID", "examples": [ 5696 ] }, "dropped": { "type": "boolean", "title": "Dropped" }, "process_path": { "type": "string", "title": "Process path", "examples": [ "C:\\WINDOWS\\EXPLORER.EXE" ] } } } } } }, "name": { "type": "string", "title": "Name", "examples": [ "START" ] }, "id": { "type": "string", "title": "ID", "examples": [ "-" ] } } } } } } } } }, "tags": [ "Suspicious Activity" ], "operationId": "api.nebula.get.suspiciousactivity.process_graph" } }, "/nebula/v1/sa/details": { "post": { "description": "Fetch details of suspicious activity.", "summary": "Suspicious activity details", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Suspicious activity request payload", "required": [ "detection_id_list", "endpoint" ], "properties": { "detection_id_list": { "type": "array", "title": "List of Suspicious Activity IDs", "items": { "type": "integer", "title": "Suspicious Activity IDs", "examples": [ 274304, 7874825 ] } }, "endpoint": { "type": "string", "title": "UUID of the endpoint", "examples": [ "3fdbe4c1-8a80-4a57-8369-9ec4399fbf0b" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Details of suspicious activities", "additionalProperties": true, "properties": { "data": { "type": "object", "title": "The Details Schema", "additionalProperties": true, "properties": { "resolved": { "type": [ "null", "string", "number" ], "title": "The Resolved Schema" }, "pc_hostname": { "type": "string", "title": "Hostname of PC" }, "status": { "type": "string", "title": "Status" }, "tot": { "type": "integer", "title": "Count of suspicious activities" }, "list": { "type": "array", "title": "List of suspicious activities", "additionalItems": true, "items": { "type": "object", "title": "List items", "additionalProperties": true, "properties": { "status": { "type": "string", "title": "Status", "examples": [ "detected" ] }, "timestamp": { "type": "string", "title": "Timestamp" }, "path": { "type": "string", "title": "Path", "examples": [ "C:\\WINDOWS\\SYSTEM32\\CMD.EXE" ] }, "detection_id": { "type": "integer", "title": "Id of the suspicious activity" }, "details": { "type": "array", "title": "Collection of details about suspicious activity", "additionalItems": true, "items": { "type": "object", "title": "Detail items", "additionalProperties": true, "properties": { "timestamp": { "type": "string", "title": "Timestamp", "examples": [ 
"2020-03-25 14:56:12" ] }, "path": { "type": "string", "title": "Path", "examples": [ "C:\\WINDOWS\\SYSTEM32\\WINDOWSPOWERSHELL\\V1.0\\POWERSHELL.EXE" ] }, "detected_by": { "type": "array", "title": "Detected by collection", "additionalItems": true, "items": { "type": "object", "title": "Detected by items", "additionalProperties": true, "properties": { "description": { "type": "string", "title": "Description", "examples": [ "A suspicious script has been executed by Powershell" ] }, "verbose": { "type": "string", "title": "Verbose Description", "examples": [ "A suspicious script has been executed by Powershell" ] }, "tag": { "type": "string", "title": "Tag", "examples": [ "powershell scripting activity" ] }, "content": { "type": "array", "title": "The Content Schema", "default": [], "examples": [ [ { "launched_proc": "POWERSHELL.EXE", "hash": { "Sha256": "908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53", "Sha1": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "Md5": "cda48fc75952ad12d99e526d0b6bf70a", "Sha512": "31946a5c80088646fe951081e88a7478b804da874236a44e845842404c9770450c9b1ac3bb1af2b00b0102fe4983b5728fe4df8c40d28f9bef16230a28ae5df0" }, "command_line": "\"C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -ExecutionPolicy Bypass -windowstyle hidden -File \"C:\\Program Files\\EAWindowsTool\\EAWindowsTool.ps1 " } ] ], "additionalItems": true, "items": { "type": "object", "title": "The Items Schema", "additionalProperties": true, "properties": { "command_line": { "type": "string", "title": "Command line", "examples": [ "\"C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -ExecutionPolicy Bypass -windowstyle hidden -File \"C:\\Program Files\\EAWindowsTool\\EAWindowsTool.ps1 " ] }, "hash": { "type": "object", "title": "Hashes", "additionalProperties": true, "properties": { "Md5": { "type": "string", "title": "Md5" }, "Sha1": { "type": "string", "title": "Sha1", "examples": [ "36c5d12033b2eaf251bae61c00690ffb17fddc87" ] }, 
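
Added example (Python, not part of the ThreatDown specification or any vendor SDK): a client that walks GET /nebula/v1/sa with the next_cursor scheme, calls POST /nebula/v1/sa/details for each record that is still open, and flattens the detected_by content into one triage row per launched process with its SHA-256 and any risky PowerShell arguments. The HTTP layer is a plain callable that is expected to add the authorization and accountid headers, so the script runs offline against the constructed responses at the bottom; the hostnames, the second and third endpoint UUIDs, the reading of a non-zero `closed` as "already handled" and the SUSPICIOUS_ARGS heuristics are assumptions made for the example, not values from the spec. Note also that the spec's accountid pattern is not anchored at the start; the copy used here is.

```python
import re
from typing import Dict, List, Optional

# The spec's accountid pattern has no leading '^', so a regex search would accept
# "junk" + UUID; the copy used here is anchored on both ends.
ACCOUNT_ID_RE = re.compile(
    r"^[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$")
# Coarse command-line heuristics chosen for this example, not vendor rules.
SUSPICIOUS_ARGS = ("-executionpolicy bypass", "-windowstyle hidden", "-encodedcommand", " -enc ")


def iter_suspicious_activity(fetch, account_id: str, since: Optional[str] = None, per_page: int = 100):
    """Yield every /nebula/v1/sa record, following next_cursor until the server omits it.

    fetch(method, path, query, json_body) must return the decoded JSON response and is
    expected to add the authorization and accountid headers itself."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError("accountid must be a UUID")
    query = {"per_page": str(per_page), "sort_field": "timestamp", "sort_direction": "desc"}
    if since:
        query["since"] = since  # RFC 3339, e.g. 2020-03-23T17:23:17.860482Z
    cursor = None
    while True:
        q = dict(query, next_cursor=cursor) if cursor else dict(query)
        page = fetch("GET", "/nebula/v1/sa", q, None)
        yield from page["sa"]
        cursor = page.get("next_cursor")
        if not cursor:
            return


def triage(fetch, account_id: str, since: Optional[str] = None) -> List[Dict]:
    """One row per (detection, launched process) with its SHA-256 and flagged arguments."""
    rows: List[Dict] = []
    for sa in iter_suspicious_activity(fetch, account_id, since):
        if sa.get("closed"):  # assumption: a non-zero 'closed' means the case is already handled
            continue
        body = {"detection_id_list": sa["detection_id_list"], "endpoint": sa["machine_id"]}
        details = fetch("POST", "/nebula/v1/sa/details", {}, body)
        for item in details["data"].get("list", []):
            for detail in item.get("details", []):
                for hit in detail.get("detected_by", []):
                    for c in hit.get("content", []):
                        cmd = c.get("command_line", "").lower()
                        rows.append({"host": sa["pc_hostname"], "detection_id": item["detection_id"],
                                     "level": hit.get("level", sa.get("level")), "tag": hit.get("tag"),
                                     "proc": c.get("launched_proc"),
                                     "sha256": (c.get("hash") or {}).get("Sha256"),
                                     "flags": [a for a in SUSPICIOUS_ARGS if a in cmd]})
    return rows


# --- constructed sample data, not captured from a real tenant ---------------------
ACCOUNT_ID = "9256034b-7967-4253-a5d9-260663e4fa4f"
EP1 = "3fdbe4c1-8a80-4a57-8369-9ec4399fbf0b"
EP2, EP3 = "11111111-2222-4333-8444-555555555555", "22222222-3333-4444-8555-666666666666"
CURSOR = "eyJzdGFydF9pbmRleCI6MTAwfQ=="
PS_CMD = ('"C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -ExecutionPolicy Bypass '
          '-windowstyle hidden -File "C:\\Program Files\\EAWindowsTool\\EAWindowsTool.ps1 ')


def _sa(ids, host, machine_id, level, closed=0):
    return {"detection_id_list": ids, "status": "detected", "timestamp": "2020-03-25T14:56:12Z",
            "path": "C:\\WINDOWS\\SYSTEM32\\CMD.EXE", "pc_hostname": host, "machine_id": machine_id,
            "account_id": ACCOUNT_ID, "closed": closed, "level": level, "detected_by_count": 1}


def _details(host, det_id, proc, cmd, sha256, tag, level):
    hit = {"description": tag, "tag": tag, "level": level,
           "content": [{"launched_proc": proc, "command_line": cmd, "hash": {"Sha256": sha256}}]}
    return {"data": {"pc_hostname": host, "status": "detected", "tot": 1, "list": [
        {"status": "detected", "timestamp": "2020-03-25 14:56:12", "detection_id": det_id, "pid": 5696,
         "path": "C:\\WINDOWS\\SYSTEM32\\CMD.EXE", "details": [{"timestamp": "2020-03-25 14:56:12",
         "path": "C:\\WINDOWS\\SYSTEM32\\" + proc, "pid": 5720, "detected_by": [hit]}]}]}}


PAGES = [{"sa": [_sa([274304], "WS-0417", EP1, 3)], "total_count": 3, "next_cursor": CURSOR},
         {"sa": [_sa([7874825], "WS-0099", EP2, 1), _sa([7874826], "WS-0100", EP3, 2, closed=1)],
          "total_count": 3}]
DETAILS = {EP1: _details("WS-0417", 274304, "POWERSHELL.EXE", PS_CMD,
                         "908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53",
                         "powershell scripting activity", 3),
           EP2: _details("WS-0099", 7874825, "WHOAMI.EXE", "whoami /all", "ab" * 32, "discovery", 1)}


def make_fake_fetch():
    """Offline stand-in for the HTTP layer; also records every call for inspection."""
    calls = []

    def fetch(method, path, query, body):
        calls.append((method, path, query, body))
        if path == "/nebula/v1/sa":
            return PAGES[1] if query.get("next_cursor") == CURSOR else PAGES[0]
        if path == "/nebula/v1/sa/details":
            return DETAILS[body["endpoint"]]
        raise KeyError(path)
    return fetch, calls


if __name__ == "__main__":
    fetch, _ = make_fake_fetch()
    for row in triage(fetch, ACCOUNT_ID, since="2020-03-23T17:23:17.860482Z"):
        print(row)
```

A live `fetch` should also honour the 429 behaviour described in the introduction (sleep and retry rather than fail), and should pass `since` from the last successful run so each poll only pulls new records; both keep a polling integration under the per-minute quota.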
"Sha256": { "type": "string", "title": "Sha256", "examples": [ "908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53" ] }, "Sha512": { "type": "string", "title": "Sha512", "examples": [ "31946a5c80088646fe951081e88a7478b804da874236a44e845842404c9770450c9b1ac3bb1af2b00b0102fe4983b5728fe4df8c40d28f9bef16230a28ae5df0" ] } } }, "launched_proc": { "type": "string", "title": "Launched process", "examples": [ "POWERSHELL.EXE" ] } } } }, "level": { "type": "integer", "title": "Level" } } } }, "pid": { "type": "integer", "title": "Process ID" } } } }, "pid": { "type": "integer", "title": "Process ID" } } } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Suspicious Activity" ], "operationId": "api.nebula.post.suspiciousactivity.details" } }, "/nebula/v1/sandbox/submissions": { "post": { "description": "Search the sandbox submission results", "summary": "Search the sandbox submission results", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Sandbox submissions search request", "type": "object", "additionalProperties": false, "properties": { "file_name": { "type": "string" }, "md5": { "type": "string", "pattern": "^[a-fA-F0-9]{32}$" }, "result": { "type": "array", "items": { "type": "string", "enum": [ "clean", "malicious", "unknown" ] } }, "status": { "type": "array", "items": { "type": "string", "enum": [ "pending", "processing" ] } }, "ext": { "type": "array", "items": { "type": "string", "enum": [ "exe32", "exe64", "dll32", "dll64" ] } }, "upload_source": { "type": "string", "items": { "type": "string", "enum": [ "ars", "automatic", "frs", "manual", "sa" ] } }, "timestamp": { "gte": { "type": "string", "examples": [ "2023-11-16 00:00:00" ] }, "lte": { "type": "string", "examples": [ "2023-11-16 23:59:59" ] }, "time_zone": { "type": "string", "examples": [ "+02:00" ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Sandbox submissions response schema", "type": "object", "additionalProperties": false, "properties": { "data": { "total_unfiltered": { "type": "number" }, "total": { "type": "number" }, "rows": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "upload_source": { "type": "string" }, "account_id": { "type": "string", "format": "uuid" }, "file_path": { "type": "string" }, "machine_id": { "type": "string", "format": "uuid" }, "pc_hostname": { "type": "string" }, "timestamp": { "type": "string" }, "file_name": { "type": "string" }, "file_size": { "type": "number" }, "rule_count": { "type": "number" }, "status": { "type": "string" }, "result": { "type": "string" }, "md5": { "type": "string" }, "sha512": { "type": "string" }, 
"sha1": { "type": "string" }, "sha256": { "type": "string" }, "ext": { "type": "string" }, "file_format": { "type": "string" } } } } } } } } } } }, "tags": [ "Sandbox" ], "operationId": "api.nebula.search.sandbox.submissions" } }, "/nebula/v1/sandbox/upload": { "post": { "description": "Upload file to the sandbox", "summary": "Upload file to the sandbox", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "edr" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Sandbox file upload request", "type": "object", "additionalProperties": false, "properties": { "machine_id": { "type": "string", "format": "uuid", "title": "Machine ID" }, "process_path": { "type": "string", "title": "Process Path" }, "pc_hostname": { "type": "string", "title": "PC Hostname" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Sandbox file upload request", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "title": "status" } } } } } } }, "tags": [ "Sandbox" ], "operationId": "api.nebula.sandbox.upload" } }, "/nebula/v1/reports/{id}": { "delete": { "description": "Delete report by id.", "summary": "Delete report by id", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Reports" ], "operationId": "api.nebula.delete.reports" }, "get": { "description": "Get report by id.", "summary": "Get report by id", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Report", "required": [ "id", "name", "type", "format", "period", "units", "time_zone", "created_by", "created_by_user", "account_id", "created_at" ], "properties": { "id": { "type": "string", "title": "The Id of the report (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "The account Id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "Usage", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "format": { "type": "string", "enum": [ "csv", "pdf" ], "title": "Report format" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. 
if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "time_zone": { "type": "string", "title": "Time Zone" }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject" }, "notes": { "type": "string", "title": "Additional notes" }, "created_by": { "type": "string", "title": "Created by user Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_by_user": { "type": "string", "title": "Created by username" }, "created_at": { "type": "string", "title": "Created at", "examples": [ "2021-03-16T15:31:48.241991Z" ] }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2021-03-16T15:34:54.805926Z" ] }, "last_generation_at": { "type": "string", "title": "Last generated at", "examples": [ "2021-03-16T15:34:54.759098Z" ] }, "next_generation_at": { "type": "string", "title": "Next generation scheduled at", "nullable": true, "examples": [ "2021-03-16T15:34:54.759098Z" ] } } } } } } }, "tags": [ "Reports" ], "operationId": "api.nebula.get.reports" }, "put": { "description": "Update report.", "summary": "Update report", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Report Save", "description": "Payload for creating a report", "additionalProperties": false, "required": [ "name", "type", "format", "period", "units", "time_zone" ], "properties": { "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "format": { "type": "string", "title": "Format of report document", "default": "csv", "enum": [ "csv", "pdf" ] }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "time_zone": { "type": "string", "title": "Time zone" }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject", "maxLength": 60 }, 
"notes": { "type": "string", "title": "Additional notes", "maxLength": 255 } }, "allOf": [ { "if": { "properties": { "type": { "enum": [ "Tasks", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock" ] } } }, "then": { "properties": { "format": { "const": "csv" } } } }, { "if": { "properties": { "type": { "enum": [ "Endpoints", "Assets" ] } } }, "then": { "properties": { "period": { "const": 0 } } } }, { "if": { "properties": { "units": { "const": "Months" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 3 } } } }, { "if": { "properties": { "units": { "const": "Weeks" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 13 } } } }, { "if": { "properties": { "units": { "const": "Days" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 90 } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Report", "required": [ "id", "name", "type", "format", "period", "units", "time_zone", "created_by", "created_by_user", "account_id", "created_at" ], "properties": { "id": { "type": "string", "title": "The Id of the report (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "The account Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "Usage", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "format": { "type": "string", "enum": [ "csv", "pdf" ], "title": "Report format" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "time_zone": { "type": "string", "title": "Time Zone" }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject" }, "notes": { "type": "string", "title": "Additional notes" }, "created_by": { "type": "string", "title": "Created by user Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_by_user": { "type": "string", "title": "Created by username" }, "created_at": { "type": "string", "title": "Created at", "examples": [ "2021-03-16T15:31:48.241991Z" ] }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2021-03-16T15:34:54.805926Z" ] }, "last_generation_at": { "type": "string", "title": "Last generated at", "examples": [ "2021-03-16T15:34:54.759098Z" ] }, "next_generation_at": { "type": "string", "title": "Next generation scheduled at", "nullable": true, "examples": [ "2021-03-16T15:34:54.759098Z" ] } } } } } } }, "tags": [ "Reports" ], "operationId": "api.nebula.put.reports" } }, "/nebula/v1/reports": { "delete": { "description": "Delete reports bulk.", "summary": "Delete reports bulk", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "report delete bulk", "required": [ "ids" ], "properties": { "ids": { "type": "array", "items": { "type": "string" }, "title": "Report ids to delete" } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Reports" ], "operationId": "api.nebula.delete.reports.bulk" }, "get": { "description": "Get all reports of the given account.", "summary": "Get all reports", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Collection of records", "required": [ "reports" ], "properties": { "reports": { "type": "array", "title": "Groups", "items": { "type": "object", "title": "Report", "required": [ "id", "name", "type", "format", "period", "units", "time_zone", "created_by", "created_by_user", "account_id", "created_at" ], "properties": { "id": { "type": "string", "title": "The Id of the report (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "The account Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "Usage", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "format": { "type": "string", "enum": [ "csv", "pdf" ], "title": "Report format" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "time_zone": { "type": "string", "title": "Time Zone" }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject" }, "notes": { "type": "string", "title": "Additional notes" }, "created_by": { "type": "string", "title": "Created by user Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_by_user": { "type": "string", "title": "Created by username" }, "created_at": { "type": "string", "title": "Created at", "examples": [ "2021-03-16T15:31:48.241991Z" ] }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2021-03-16T15:34:54.805926Z" ] }, "last_generation_at": { "type": "string", "title": "Last generated at", "examples": [ "2021-03-16T15:34:54.759098Z" ] }, "next_generation_at": { "type": "string", "title": "Next generation scheduled at", "nullable": true, "examples": [ "2021-03-16T15:34:54.759098Z" ] } } } } } } } } } }, "tags": [ "Reports" ], "operationId": "api.nebula.getall.reports" }, "post": { "description": "Create report.", "summary": "Create report", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Report Save", "description": "Payload for creating a report", "additionalProperties": false, "required": [ "name", "type", "format", "period", "units", "time_zone" ], "properties": { "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "format": { "type": "string", "title": "Format of report document", "default": "csv", "enum": [ "csv", "pdf" ] }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "time_zone": { "type": "string", "title": "Time zone" }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject", "maxLength": 60 }, 
"notes": { "type": "string", "title": "Additional notes", "maxLength": 255 } }, "allOf": [ { "if": { "properties": { "type": { "enum": [ "Tasks", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock" ] } } }, "then": { "properties": { "format": { "const": "csv" } } } }, { "if": { "properties": { "type": { "enum": [ "Endpoints", "Assets" ] } } }, "then": { "properties": { "period": { "const": 0 } } } }, { "if": { "properties": { "units": { "const": "Months" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 3 } } } }, { "if": { "properties": { "units": { "const": "Weeks" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 13 } } } }, { "if": { "properties": { "units": { "const": "Days" } } }, "then": { "errorMessage": "The maximum period is 3 months", "properties": { "period": { "min": 0, "max": 90 } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Report", "required": [ "id", "name", "type", "format", "period", "units", "time_zone", "created_by", "created_by_user", "account_id", "created_at" ], "properties": { "id": { "type": "string", "title": "The Id of the report (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "The account Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "name": { "type": "string", "title": "Name" }, "type": { "type": "string", "enum": [ "Detections", "Quarantine", "Endpoints", "Assets", "Events", "Tasks", "Executive", "DeviceControl", "Vulnerabilities", "Cisa", "Updates", "Patch", "DNS", "CloudStorageDetections", "AppBlock", "Usage", "PatchHistory", "SoftwareUpdateHistory", "CveEvents", "MssMetrics", "Firewall" ], "title": "Report type" }, "format": { "type": "string", "enum": [ "csv", "pdf" ], "title": "Report format" }, "period": { "type": "integer", "title": "Period for the report data", "description": "Period for the report data. if 0 it must be selected when the report is manually generated", "min": 0 }, "units": { "type": "string", "enum": [ "Days", "Weeks", "Months" ], "title": "Unit for period" }, "time_zone": { "type": "string", "title": "Time Zone" }, "recurrence": { "type": "object", "nullable": true, "title": "Recurrence details", "properties": { "days_of_month": { "type": "array", "items": { "type": "integer", "min": 1, "max": 31 } }, "days_of_week": { "type": "array", "items": { "type": "string", "enum": [ "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ] } }, "recur": { "type": "string", "enum": [ "Daily", "Weekly", "Monthly" ], "title": "Recurrence type" } } }, "recipients": { "type": "array", "title": "Email addresses of recipients", "items": { "type": "string", "format": "email", "title": "Email of a recipient" } }, "email_subject": { "type": "string", "title": "Report email subject" }, "notes": { "type": "string", "title": "Additional notes" }, "created_by": { "type": "string", "title": "Created by user Id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_by_user": { "type": "string", "title": "Created by username" }, "created_at": { "type": "string", "title": "Created at", "examples": [ "2021-03-16T15:31:48.241991Z" ] }, "updated_at": { "type": "string", "title": "Updated at", "examples": [ "2021-03-16T15:34:54.805926Z" ] }, "last_generation_at": { "type": "string", "title": "Last generated at", "examples": [ "2021-03-16T15:34:54.759098Z" ] }, "next_generation_at": { "type": "string", "title": "Next generation scheduled at", "nullable": true, "examples": [ "2021-03-16T15:34:54.759098Z" ] } } } } } } }, "tags": [ "Reports" ], "operationId": "api.nebula.post.reports" } }, "/nebula/v1/reports/{id}/generate": { "post": { "description": "Generate report.", "summary": "Generate report", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "report Generate", "properties": { "start": { "type": "string", "format": "date-time", "title": "Period start" }, "end": { "type": "string", "format": "date-time", "title": "Period end" } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Reports" ], "operationId": "api.nebula.post.reports.generate" } }, "/nebula/v1/users/{id}": { "delete": { "description": "Delete a nebula user.", "summary": "Delete a nebula user", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Users" ], "operationId": "api.nebula.delete.users" }, "get": { "description": "Get one user.", "summary": "Get one user", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Nebula user model", "description": "Nebula user model", "examples": [ { "id": "16ea2ecb-bc28-43e2-b66f-9edc48bef56f", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "display_name": "Alice Bob", "email": "alicebob@malwarebytes.com", "last_login_at": "2018-10-05T15:15:36.116105Z", "unconfirmed_email": "", "ars_permission": true, "role": "SuperAdmin", "impersonation_authorized_until": null, "all_groups_access": true, "group_ids": [], "otp_enabled": false, "otp_recovery_email": "test@gmail.com", "otp_recovery_email_status": "Verified" } ], "required": [ "id", "account_id", "display_name", "role", "all_groups_access", "group_ids" ], "properties": { "id": { "type": "string", "title": "The id schema", "description": "The unique identifier of the user.", "default": "", "examples": [ "16ea2ecb-bc28-43e2-b66f-9edc48bef56f" ] }, "ars_permission": { "type": "boolean", "title": "ARS permission", "description": "ARS permission for the user", "default": false, "examples": [ false ] }, "account_id": { "type": "string", "title": "The account_id", "description": "Account id.", "default": "", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "display_name": { "type": "string", "title": "User display name", 
"description": "The display name of the user.", "default": "", "examples": [ "Alice Bob" ] }, "email": { "type": "string", "title": "Email", "description": "Email.", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "last_login_at": { "type": "string", "title": "The last time this user logged in", "description": "Last login time", "default": "", "examples": [ "2018-10-05T15:15:36.116105Z" ] }, "unconfirmed_email": { "type": "string", "title": "Unconfirmed email", "description": "Unconfirmed email.", "default": "", "examples": [ "" ] }, "role": { "type": "string", "title": "The Role of the user", "description": "The role of the user.", "default": "", "enum": [ "SuperAdmin", "Admin", "ReadOnlyUser" ], "examples": [ "SuperAdmin" ] }, "all_groups_access": { "type": "boolean", "title": "Whether the user has access to all groups or not (applies to admin and readonly users)", "default": false, "examples": [ true ] }, "group_ids": { "type": "array", "title": "The group_ids schema", "default": [], "additionalItems": true, "items": { "type": "string", "title": "Unique identifier of groups to which this user is assigned" } }, "otp_enabled": { "type": "boolean", "title": "The otp_enabled schema", "description": "Whether OTP is enabled or not.", "default": false, "examples": [ false ] }, "otp_recovery_email": { "type": "string", "title": "The OTP recovery email", "description": "The OTP recovery email", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "otp_recovery_email_status": { "type": "string", "title": "The OTP recovery email status", "description": "The OTP recovery email status", "default": "AwaitingSetup", "examples": [ "AwaitingSetup", "PendingVerification", "ExpiredVerification", "Verified" ] } } } } } } }, "tags": [ "Users" ], "operationId": "api.nebula.get.user" }, "put": { "description": "Update user.", "summary": "Update user", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { 
"name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Nebula user model", "description": "Nebula user model", "examples": [ { "role": "SuperAdmin", "all_groups_access": true, "group_ids": [] } ], "required": [ "role", "all_groups_access", "group_ids" ], "properties": { "role": { "type": "string", "title": "The Role of the user", "description": "The role of the user.", "enum": [ "SuperAdmin", "Admin", "ReadOnlyUser" ], "examples": [ "SuperAdmin" ] }, "ars_permission": { "type": "boolean", "title": "ARS permission", "description": "ARS permission for the user", "default": false, "examples": [ false ] }, "all_groups_access": { "type": "boolean", "title": "Whether the user has access to all groups or not (applies to admin and readonly users)", "default": false, "examples": [ true ] }, "group_ids": { "type": "array", "title": "The group_ids schema", "default": [], "additionalItems": true, "items": { "type": "string", "title": "Unique identifier of groups to which this user is assigned" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Nebula user model", "description": "Nebula user 
model", "examples": [ { "id": "16ea2ecb-bc28-43e2-b66f-9edc48bef56f", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "display_name": "Alice Bob", "email": "alicebob@malwarebytes.com", "last_login_at": "2018-10-05T15:15:36.116105Z", "unconfirmed_email": "", "ars_permission": true, "role": "SuperAdmin", "impersonation_authorized_until": null, "all_groups_access": true, "group_ids": [], "otp_enabled": false, "otp_recovery_email": "test@gmail.com", "otp_recovery_email_status": "Verified" } ], "required": [ "id", "account_id", "display_name", "role", "all_groups_access", "group_ids" ], "properties": { "id": { "type": "string", "title": "The id schema", "description": "The unique identifier of the user.", "default": "", "examples": [ "16ea2ecb-bc28-43e2-b66f-9edc48bef56f" ] }, "ars_permission": { "type": "boolean", "title": "ARS permission", "description": "ARS permission for the user", "default": false, "examples": [ false ] }, "account_id": { "type": "string", "title": "The account_id", "description": "Account id.", "default": "", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "display_name": { "type": "string", "title": "User display name", "description": "The display name of the user.", "default": "", "examples": [ "Alice Bob" ] }, "email": { "type": "string", "title": "Email", "description": "Email.", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "last_login_at": { "type": "string", "title": "The last time this user logged in", "description": "Last login time", "default": "", "examples": [ "2018-10-05T15:15:36.116105Z" ] }, "unconfirmed_email": { "type": "string", "title": "Unconfirmed email", "description": "Unconfirmed email.", "default": "", "examples": [ "" ] }, "role": { "type": "string", "title": "The Role of the user", "description": "The role of the user.", "default": "", "enum": [ "SuperAdmin", "Admin", "ReadOnlyUser" ], "examples": [ "SuperAdmin" ] }, "all_groups_access": { "type": "boolean", "title": "Whether the user has 
access to all groups or not (applies to admin and readonly users)", "default": false, "examples": [ true ] }, "group_ids": { "type": "array", "title": "The group_ids schema", "default": [], "additionalItems": true, "items": { "type": "string", "title": "Unique identifier of groups to which this user is assigned" } }, "otp_enabled": { "type": "boolean", "title": "The otp_enabled schema", "description": "Whether OTP is enabled or not.", "default": false, "examples": [ false ] }, "otp_recovery_email": { "type": "string", "title": "The OTP recovery email", "description": "The OTP recovery email", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "otp_recovery_email_status": { "type": "string", "title": "The OTP recovery email status", "description": "The OTP recovery email status", "default": "AwaitingSetup", "examples": [ "AwaitingSetup", "PendingVerification", "ExpiredVerification", "Verified" ] } } } } } } }, "tags": [ "Users" ], "operationId": "api.nebula.put.users" } }, "/nebula/v1/users": { "get": { "description": "Get nebula users.", "summary": "Get nebula users", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Get users response schema", "description": "Get users response schema.", "examples": [ { "users": [ { "id": "16ea2ecb-bc28-43e2-b66f-9edc48bef56f", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "display_name": "Alice Bob", "email": "alicebob@malwarebytes.com", "last_login_at": "2018-10-05T15:15:36.116105Z", "unconfirmed_email": "", "role": "SuperAdmin", "impersonation_authorized_until": null, "all_groups_access": true, "group_ids": [], "otp_enabled": false, "otp_recovery_email": "test@gmail.com", "otp_recovery_email_status": "Verified" } ], "total_count": 1, "next_cursor": "eyJzdGFydF9pbmRleCI6MTAwfQ==" } ], "required": [ "users", "total_count", "next_cursor" ], "properties": { "users": { "type": "array", "title": "List of users", "description": "List of users.", "items": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Nebula user model", "description": "Nebula user model", "examples": [ { "id": "16ea2ecb-bc28-43e2-b66f-9edc48bef56f", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "display_name": "Alice Bob", "email": "alicebob@malwarebytes.com", "last_login_at": "2018-10-05T15:15:36.116105Z", "unconfirmed_email": "", "ars_permission": true, "role": "SuperAdmin", "impersonation_authorized_until": null, "all_groups_access": true, "group_ids": [], "otp_enabled": false, "otp_recovery_email": "test@gmail.com", "otp_recovery_email_status": "Verified" } ], "required": [ "id", "account_id", "display_name", "role", "all_groups_access", "group_ids" ], "properties": { "id": { "type": "string", "title": "The id schema", "description": "The unique identifier of the user.", "default": "", "examples": [ "16ea2ecb-bc28-43e2-b66f-9edc48bef56f" ] }, 
"ars_permission": { "type": "boolean", "title": "ARS permission", "description": "ARS permission for the user", "default": false, "examples": [ false ] }, "account_id": { "type": "string", "title": "The account_id", "description": "Account id.", "default": "", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "display_name": { "type": "string", "title": "User display name", "description": "The display name of the user.", "default": "", "examples": [ "Alice Bob" ] }, "email": { "type": "string", "title": "Email", "description": "Email.", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "last_login_at": { "type": "string", "title": "The last time this user logged in", "description": "Last login time", "default": "", "examples": [ "2018-10-05T15:15:36.116105Z" ] }, "unconfirmed_email": { "type": "string", "title": "Unconfirmed email", "description": "Unconfirmed email.", "default": "", "examples": [ "" ] }, "role": { "type": "string", "title": "The Role of the user", "description": "The role of the user.", "default": "", "enum": [ "SuperAdmin", "Admin", "ReadOnlyUser" ], "examples": [ "SuperAdmin" ] }, "all_groups_access": { "type": "boolean", "title": "Whether the user has access to all groups or not (applies to admin and readonly users)", "default": false, "examples": [ true ] }, "group_ids": { "type": "array", "title": "The group_ids schema", "default": [], "additionalItems": true, "items": { "type": "string", "title": "Unique identifier of groups to which this user is assigned" } }, "otp_enabled": { "type": "boolean", "title": "The otp_enabled schema", "description": "Whether OTP is enabled or not.", "default": false, "examples": [ false ] }, "otp_recovery_email": { "type": "string", "title": "The OTP recovery email", "description": "The OTP recovery email", "default": "", "examples": [ "alicebob@malwarebytes.com" ] }, "otp_recovery_email_status": { "type": "string", "title": "The OTP recovery email status", "description": "The OTP recovery 
email status", "default": "AwaitingSetup", "examples": [ "AwaitingSetup", "PendingVerification", "ExpiredVerification", "Verified" ] } } } }, "total_count": { "type": "integer", "title": "The total_count schema", "description": "Total count of users.", "default": 0, "examples": [ 1 ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Users" ], "operationId": "api.nebula.get.users" }, "post": { "description": "Create user.", "summary": "Create user", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Nebula user model", "description": "Nebula user model", "examples": [ { "email": "alicebob@malwarebytes.com", "role": "SuperAdmin", "all_groups_access": true, "group_ids": [] } ], "required": [ "email", "role", "all_groups_access", "group_ids" ], "properties": { "email": { "type": "string", "title": "Email", "description": "Email.", "examples": [ "alicebob@malwarebytes.com" ] }, "ars_permission": { "type": "boolean", "title": "ARS permission", "description": "ARS permission for the user", "default": false, "examples": [ false ] }, "role": { "type": "string", "title": "The Role of the user", "description": "The role of the user.", "enum": [ "SuperAdmin", "Admin", "ReadOnlyUser" ], "examples": [ 
"SuperAdmin" ] }, "all_groups_access": { "type": "boolean", "title": "Whether the user has access to all groups or not (applies to admin and readonly users)", "default": false, "examples": [ true ] }, "group_ids": { "type": "array", "title": "The group_ids schema", "default": [], "additionalItems": true, "items": { "type": "string", "title": "Unique identifier of groups to which this user is assigned" } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Users" ], "operationId": "api.nebula.post.users" } }, "/nebula/v1/notifications/subscriptions": { "post": { "description": "Create notification subscription.", "summary": "Create notification", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notification", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "Enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "The identifier of the owner of the subscription, in the scope of the client. Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": 
"array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": 
false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 
1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", 
"minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", 
"anyOf": [ { "title": "0: \"level\". 1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are less than or equal to this value", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are greater than or equal to this value", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events where rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events where rule_id does not exist. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } } } } }, "responses": { "202": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The get notification Body", "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events into a single notification", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "the identifier of the owner of the subscription, in the scope of the client. 
Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": 
"Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 
1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] 
}, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"level\". 
1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(IOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: 1 (Windows), 2 (MacOS), 3 (Linux), sent as a number", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by priority", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by action_required" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are less than or equal to this value", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are greater than or equal to this value", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification Id", "type": "string" }, "updated_at": { "title": "Updated at timestamp", "type": "object", "format": "date-time" } } } ] } } } } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.post.notification" }, "get": { "description": "Get all notification subscriptions.", "summary": "Get all notifications", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "owner", "required": false, "in": "query", "description": "the identifier of the owner of the subscription, in the scope of the client", "schema": { "type": "string" } }, { "name": "next_cursor", "required": false, "in": "query", "description": "The pagination cursor for next set of results. 
For further documentation, check the Pagination section.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The get all notification Body", "required": [ "records", "next_cursor" ], "properties": { "records": { "type": "array", "items": { "type": "object", "title": "The get notification Body", "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notification", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "the identifier of the owner of the subscription, in the scope of the client. 
Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": 
"Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 
1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] 
}, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"level\". 
1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": {
"eq": { "type": "array", "title": "0: \"quarantine_action\". 1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] },
"not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] },
"contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } },
{ "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, {
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title":
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string"
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string",
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": {
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by less than equals days since last active", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by less than equals days since last active", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_id exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification Id", "type": "string" }, "updated_at": { "title": "Updated at timestamp", "type": "object", "format": "date-time" } } } ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.get-all.notification" } }, "/nebula/v1/notifications/subscriptions/{id}": { "delete": { "description": "Delete notification subscription.", "summary": "Delete notification", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.delete.notification" }, "get": { "description": "Get notification subscription.", "summary": "Get notification", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The get notification Body", "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notifications", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. 
It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "the identifier of the owner of the subscription, in the scope of the client. Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 
1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] 
}, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"level\". 
1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by less than or equal days since last active", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by greater than or equal days since last active", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_id exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification Id", "type": "string" }, "updated_at": { "title": "Updated at timestamp", "type": "object", "format": "date-time" } } } ] } } } } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.get.notification" }, "put": { "description": "Update notification subscription.", "summary": "Update notification", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notifications", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "the identifier of the owner of the subscription, in the scope of the client. Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": 
"array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": 
false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(IOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 
1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", 
"minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", 
"anyOf": [ { "title": "0: \"level\". 1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(macOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: 1 (Windows), 2 (MacOS), 3 (Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so a separate notification is sent for each distinct combination of these fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by days since last active, less than or equal to the given value", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by days since last active, greater than or equal to the given value", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events where rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events where rule_id does not exist, the inverse of the exists filter on rule_id. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } } } } }, "responses": { "202": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The get notification Body", "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notification", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "Enable/disable the notification", "type": "boolean", "default": true }, "owner": { "title": "The identifier of the owner of the subscription, in the scope of the client. 
Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": 
"Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 
1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] 
}, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"level\". 
1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(IOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because it was marked_for_deletion and never connected again before the timeout expired)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by command status", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: 1 (Windows), 2 (MacOS), 3 (Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "additionalItems": false }, "lte": { "type": "array", "const": "" }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by less than equals days since last active", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by less than equals days since last active", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_ud exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by rule_ud exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification Id", "type": "string" }, "updated_at": { "title": "Updated at timestamp", "type": "object", "format": "date-time" } } } ] } } } } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.put.notification" } }, "/nebula/v1/notifications/subscriptions/bulk": { "delete": { "description": "Delete bulk notification subscription.", "summary": "Delete notification bulk", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The delete bulk notification Body", "required": [ "subscriptions" ], "properties": { "subscriptions": { "type": "array", "title": "The subscriptions to delete", "minItems": 1, "items": { "title": "Subscription to delete", "type": "object", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "Subscription id items (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "owner": { "type": "string", "title": "Owner of the subscription, in the scope of the client" } } } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.delete-bulk.notification" }, "put": { "description": "Update bulk notification subscription.", "summary": "Update notification bulk", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "webhooks_subscriptions_write" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The update bulk notification Body", "required": [ "records" ], "properties": { "records": { "type": "array", "title": "The subscriptions to update", "minItems": 1, "items": { "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notifications", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "enable/disable notification", "type": "boolean", "default": true }, "owner": { "title": "the identifier of the owner of the subscription, in the scope of the client. Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": 
"array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": 
false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 
1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", 
"minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", 
"anyOf": [ { "title": "0: \"level\". 1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: 1 (Windows), 2 (macOS), 3 (Linux), 4 (Android), 5 (iOS), 6 (ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate 
notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that trigger a notification. The available filter fields depend on the category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events are aggregated by these fields, so a separate notification is sent for each distinct combination of the fields' values", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that trigger a notification. The available filter fields depend on the category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are less than or equal to this value", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\"", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines whose days since last active are greater than or equal to this value", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification ID", "type": "string" } } } ] } } } } } } }, "responses": { "202": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The get all notification Body", "required": [ "records", "next_cursor" ], "properties": { "records": { "type": "array", "items": { "type": "object", "title": "The get notification Body", "allOf": [ { "type": "object", "title": "The create notification Body", "required": [ "name", "category", "delivery" ], "properties": { "name": { "title": "Notification name. Must be unique", "type": "string" }, "description": { "title": "Notification description", "type": "string", "default": "" }, "category": { "title": "The category of the events to be notified", "type": "string" }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object" }, "aggregation": { "title": "Aggregate multiple events in a single notification", "type": "object", "properties": { "interval": { "title": "Interval in seconds for aggregating events in a single notification. It must be defined to apply aggregation", "type": "integer", "minimum": 10, "maximum": 86400 } } }, "enabled": { "title": "Enable or disable the notification", "type": "boolean", "default": true }, "owner": { "title": "The identifier of the owner of the subscription, in the scope of the client. 
Only for MSP, ignore otherwise", "type": "string" } }, "anyOf": [ { "title": "Detections", "properties": { "category": { "enum": [ "threat_detections" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": 
"Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Detections output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "os_release_name", "os_platform", "os_type", "os_version", "category", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "affected_application", "process_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "md5", "sha256", "engine_version", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "affected_application", "category", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "process_name", "status", "threat_name", "type" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"category\". 1: \"MALWARE\",\"PUP\",\"PUM\",\"AE\",\"ARW\",\"MWAC\",\"RID\",\"VULNERABLE_DRIVER\"", "items": [ { "const": "category" } ], "additionalItems": { "title": "Filter events by detection category", "type": "string", "enum": [ "MALWARE", "PUP", "PUM", "AE", "ARW", "MWAC", "RID", "VULNERABLE_DRIVER" ] } }, { "title": "0: \"action\". 
1: \"blocked\", \"found\", \"quarantined\", \"deleted\", \"restored\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "found", "quarantined", "deleted", "restored" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"5\"(iOS), \"6\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"rtp\". 1: true, false", "items": [ { "const": "rtp" }, { "title": "Filter events by real time protection" } ], "additionalItems": false, "if": { "items": [ { "const": "rtp" } ] }, "then": { "items": [ { "const": "rtp" }, { "type": "boolean" } ] } }, { "title": "0: \"type\". 1: \"application\", \"exploit\", \"extension\", \"file\", \"folder\", \"InboundConnection\", \"module\", \"OutboundConnection\", \"process\", \"reg_key\", \"reg_value\"", "items": [ { "const": "type" } ], "additionalItems": { "title": "Filter events by type", "type": "string", "enum": [ "application", "exploit", "extension", "file", "folder", "InboundConnection", "module", "OutboundConnection", "process", "reg_key", "reg_value" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Suspicious activity", "properties": { "category": { "enum": [ "threat_suspicious_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] 
}, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Suspicious activity", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "severity", "account_id", "account_name", "os_release_name", "os_platform", "type", "path", "status", "scanned_at", "reported_at", "threat_name", "machine_id", "machine_name", "machine_ip", "group_id", "group_name", "policy_id", "policy_name", "nics", "last_user", "first_activity", "last_activity", "isolation_type" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_ip", "machine_name", "os_platform", "os_release_name", "path", "policy_id", "policy_name", "severity", "status", "threat_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"level\". 
1: \"low\", \"medium\", \"high\", \"critical\"", "items": [ { "const": "level" } ], "additionalItems": { "title": "Filter events by severity level", "type": "string", "enum": [ "low", "medium", "high", "critical" ] } }, { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux), \"4\"(Android), \"3\"(IOS), \"3\"(ChromeOS)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3, 4, 5, 6 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"threat_name\". 1: string", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "title": "0: \"threat_name\". 
1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "not_contains": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "begins_with": { "title": "0: \"threat_name\". 1: string", "type": "array", "items": [ { "const": "threat_name" } ], "additionalItems": { "title": "Filter events by threat_name", "type": "string" } }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by isolation_type exists", "const": "isolation_type" } ] }, "not_exists": { "anyOf": [ { "title": "Filter events by isolation_type not exists", "const": "isolation_type" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "User added", "properties": { "category": { "enum": [ "user_added" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": 
"string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User added", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "invited_by", "role", "email", "full_group_access", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "invited_by", "ip_address", "role" ] } } } } } }, { "title": "User deleted", "properties": { "category": { "enum": [ "user_deleted" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { 
"title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "ip_address", "timestamp", "account_id", "deleted_by", "email" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "ip_address", "deleted_by" ] } } } } } }, { "title": "User verified", "properties": { "category": { "enum": [ "user_verified" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", 
"required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], 
"anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "User verified", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "email", "timestamp", "account_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different 
notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } } } }, { "title": "Endpoint registered", "properties": { "category": { "enum": [ "endpoint_registered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ 
"mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint registered output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "created_at" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint deleted", "properties": { "category": { "enum": [ "endpoint_unregistered" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint deleted output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "timestamp", "timeout" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"timeout\". 
1: true, false", "items": [ { "const": "timeout" }, { "title": "Filter events by timeout (true if the machine was deleted because marked_for_deletion and never connected again until a timeout)" } ], "additionalItems": false, "if": { "items": [ { "const": "timeout" } ] }, "then": { "items": [ { "const": "timeout" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Command update", "properties": { "category": { "enum": [ "endpoint_command_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": 
{ "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Command update output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "group_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "command", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"CREATED\",\"SENT\",\"RECEIVED\",\"STARTED\",\"TIMED_OUT\",\"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the machine_events to be notified", "type": "string", "enum": [ "CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT", "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Quarantine", "properties": { "category": { "enum": [ "quarantine" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels 
list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", 
"type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Quarantine output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "path", "machine_name", "created_at", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: \"quarantine_action\". 
1: \"QUARANTINE_DELETED\",\"QUARANTINE_RESTORED\"", "items": [ { "const": "quarantine_action" } ], "additionalItems": { "title": "Filter the type of the quarantine_events to be notified", "type": "string", "enum": [ "QUARANTINE_DELETED", "QUARANTINE_RESTORED" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Threat scan", "properties": { "category": { "enum": [ "threat_scan" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", 
"type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Threat scan output_fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "scan_date", "scan_id", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "ip_address", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "ip_address", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 
1: \"THREAT_CLEANED\",\"THREAT_FOUND\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by threat activity action", "type": "string", "enum": [ "THREAT_CLEANED", "THREAT_FOUND" ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Device control", "properties": { "category": { "enum": [ "device_control" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack 
channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", 
"minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Device control output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "path", "date", "action", "device_name", "manufacturer", "volume_serial", "serial_number", "physical_disk_name", "disk_interface", "file_system", "volume_name", "volume_device_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "group_id", "group_name", "machine_id", "machine_name", "os_platform", "os_release_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, 
"items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"blocked\", \"read-only\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "blocked", "read-only" ] } }, { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"device_name\". 1: string", "items": [ { "const": "device_name" } ], "additionalItems": { "title": "Filter events by device_name", "type": "string" } }, { "title": "0: \"manufacturer\". 
1: string", "items": [ { "const": "manufacturer" } ], "additionalItems": { "title": "Filter events by manufacturer", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site end date", "properties": { "category": { "enum": [ "license_expiring" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", 
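The `conditions` object has the same shape for every notification category above (endpoint deleted, command update, quarantine, threat scan, device control, site end date): an `or` array of `and` groups, each term being one operator whose value is an array of `[field, value]`, and the set of operators and fields that are actually usable differs per category. The following is an added example, not code from the ThreatDown API or any SDK, that builds such a filter and checks it locally against the tables transcribed from the schema before it is sent. The helper names (`eq`, `any_of`, `validate_conditions`) and the sample UUIDs are this example's own; operators the schema leaves without a usable field for a category (for instance `not_eq` on `quarantine`) are rejected. Note also that the schema's UUID pattern is anchored only at the end, so the copy below anchors both ends.

```python
"""Build and locally validate a `conditions` filter for a ThreatDown notification.

Added example, not code from the ThreatDown API or an SDK. The operator and
field tables are transcribed from the notification schema; the helper names
and the sample UUIDs are this example's own.
"""
import re

# The schema's pattern is anchored only at the end ("...{12}$"); this copy is
# anchored at both ends so "junk" + a UUID is rejected before it leaves the client.
UUID_RE = re.compile(
    r"^[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$")


def is_uuid(v):
    return isinstance(v, str) and UUID_RE.match(v) is not None


def is_bool(v):
    return isinstance(v, bool)


def is_text(v):
    return isinstance(v, str) and v != ""


def one_of(*choices):
    # bool is a subclass of int, so exclude it explicitly for the numeric enums
    return lambda v: not isinstance(v, bool) and v in choices


IDS = {"machine_id": is_uuid, "group_id": is_uuid}
COMMAND_STATUS = one_of("CREATED", "SENT", "RECEIVED", "STARTED", "TIMED_OUT",
                        "COMPLETED", "EXPIRED", "FAILED", "CANCELLED")

# category -> operator -> field -> predicate applied to each value after the field
# name. Operators the schema leaves unusable for a category are absent, so rejected.
CATEGORY_FILTERS = {
    "endpoint_deleted": {"eq": {"timeout": is_bool, **IDS}, "not_eq": IDS},
    "endpoint_command_update": {"eq": {"status": COMMAND_STATUS, **IDS}, "not_eq": IDS},
    "quarantine": {"eq": {"quarantine_action": one_of("QUARANTINE_DELETED", "QUARANTINE_RESTORED")}},
    "threat_scan": {"eq": {"action": one_of("THREAT_CLEANED", "THREAT_FOUND"), **IDS}, "not_eq": IDS},
    "device_control": {
        "eq": {"action": one_of("blocked", "read-only"), "device_name": is_text,
               "os_platform": one_of(1, 2, 3), "manufacturer": is_text, **IDS},
        "not_eq": {"device_name": is_text, "manufacturer": is_text, **IDS},
        "contains": {"device_name": is_text, "manufacturer": is_text},
        "not_contains": {"device_name": is_text, "manufacturer": is_text},
    },
    "license_expiring": {
        "eq": {"days_left": one_of(0, 1, 3, 5, 7, 14, 30),
               "license_term_type": one_of("cloud_evaluation", "evaluation", "freemium", "nfr",
                                           "site_license", "subscription", "utility")},
    },
}


def eq(field, value):
    """One equality term in the schema's `[field, value]` array form."""
    return {"eq": [field, value]}


def any_of(*and_groups):
    """Compose terms the way the schema requires: an `or` of `and` groups."""
    return {"or": [{"and": list(group)} for group in and_groups]}


def validate_conditions(category, conditions):
    """Return a list of problems; an empty list means the filter fits the schema."""
    spec = CATEGORY_FILTERS.get(category)
    if spec is None:
        return [f"no filter table for category {category!r}"]
    if not isinstance(conditions, dict) or set(conditions) != {"or"} \
            or not isinstance(conditions["or"], list) or not conditions["or"]:
        return ["conditions must be exactly {'or': [...]} with at least one clause"]
    problems = []
    for i, clause in enumerate(conditions["or"]):
        if not isinstance(clause, dict) or set(clause) != {"and"} \
                or not isinstance(clause["and"], list) or not clause["and"]:
            problems.append(f"or[{i}] must be {{'and': [...]}} with at least one term")
            continue
        for j, term in enumerate(clause["and"]):
            where = f"or[{i}].and[{j}]"
            if not isinstance(term, dict) or len(term) != 1:
                problems.append(f"{where}: a term holds exactly one operator")
                continue
            (op, args), = term.items()
            if op not in spec:
                problems.append(f"{where}: operator {op!r} is not allowed for {category}")
                continue
            if not isinstance(args, list) or len(args) < 2:
                problems.append(f"{where}: {op} needs [field, value, ...]")
                continue
            field, *values = args
            accept = spec[op].get(field)
            if accept is None:
                problems.append(f"{where}: {op} does not accept field {field!r} for {category}")
                continue
            problems += [f"{where}: {v!r} is not a valid value for {field}"
                         for v in values if not accept(v)]
    return problems


# Constructed sample: notify on a failed command on one machine, or on any
# cancelled command inside one group. The UUIDs are made up for this example.
SAMPLE_CONDITIONS = any_of(
    [eq("status", "FAILED"), eq("machine_id", "0f3c1a4e-5b6d-4c2f-9a8b-1234567890ab")],
    [eq("status", "CANCELLED"), eq("group_id", "9c0d8b7a-6f5e-4d3c-b2a1-0fedcba98765")],
)

if __name__ == "__main__":
    print(validate_conditions("endpoint_command_update", SAMPLE_CONDITIONS))
    print(validate_conditions("quarantine",
                              any_of([{"not_eq": ["quarantine_action", "QUARANTINE_DELETED"]}])))
```

`SAMPLE_CONDITIONS` is what goes into the notification's `conditions` field for an `endpoint_command_update` notification. The schema allows more than one value after the field name in an `eq` array; whether the service treats that as set membership is not stated on this page, so the sample keeps one value per term and expresses alternatives with separate `and` groups.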
"type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site end date output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "days_left" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"days_left\". 1: 0,1,3,5,7,14,30", "items": [ { "const": "days_left" } ], "additionalItems": { "title": "Filter events by days left before the license expiration", "type": "number", "enum": [ 0, 1, 3, 5, 7, 14, 30 ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Site over deployed", "properties": { "category": { "enum": [ "license_over_deployment" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": 
"string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, 
"items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Site over deployed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Vulnerability status", "properties": { "category": { "enum": [ "cve_found" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" 
], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Vulnerability status output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "installed_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "cve_id", "severity", "created_at", "os_platform", "os_release_name", "os_version", "cisa_exploitable", "known_ransomware_campaign_use", "description", "published_at", "severity_score" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "cve_id", "product", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", 
"additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 1: \"unknown\",\"low\",\"medium\",\"high\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "low", "medium", "high", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"cisa_exploitable\". 1: true, false", "items": [ { "const": "cisa_exploitable" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "cisa_exploitable" } ] }, "then": { "items": [ { "const": "cisa_exploitable" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch exists", "const": "available_patch" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by available patch not exists", "const": "available_patch" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch applied", "properties": { "category": { "enum": [ "patch_applied" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, 
"items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } 
}, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "status", "category" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\",\"REBOOT_REQUIRED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED", "REBOOT_REQUIRED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Software update applied", "properties": { "category": { "enum": [ "software_update" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The 
subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Software update applied output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "product", "vendor", "current_version", "new_version", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "date", "status", "signature_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 
1: \"COMPLETED\",\"FAILED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "COMPLETED", "FAILED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Patch or software update available", "properties": { "category": { "enum": [ "patch_available" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, 
"channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { 
"type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Patch or software update available", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "title", "description", "product", "vendor", "severity", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_version", "reboot_required", "preview_patch", "date", "category", "patch_id", "released_at", "size" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "os_platform" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"severity\". 
1: \"unknown\",\"moderate\",\"low\",\"important\",\"critical\"", "items": [ { "const": "severity" } ], "additionalItems": { "title": "Filter events by severity", "type": "string", "enum": [ "unknown", "moderate", "low", "important", "critical" ] } }, { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"reboot_required\". 1: true, false", "items": [ { "const": "reboot_required" }, { "title": "Filter events by reboot_required" } ], "additionalItems": false, "if": { "items": [ { "const": "reboot_required" } ] }, "then": { "items": [ { "const": "reboot_required" }, { "type": "boolean" } ] } }, { "title": "0: \"preview_patch\". 1: true, false", "items": [ { "const": "preview_patch" }, { "title": "Filter events by preview_patch" } ], "additionalItems": false, "if": { "items": [ { "const": "preview_patch" } ] }, "then": { "items": [ { "const": "preview_patch" }, { "type": "boolean" } ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"product\". 
1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "begins_with": { "type": "array", "anyOf": [ { "title": "0: \"product\". 1: string", "items": [ { "const": "product" } ], "additionalItems": { "title": "Filter events by product", "type": "string" } }, { "title": "0: \"vendor\". 
1: string", "items": [ { "const": "vendor" } ], "additionalItems": { "title": "Filter events by vendor", "type": "string" } } ] }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS detection", "properties": { "category": { "enum": [ "css_detection" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams 
conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { 
"type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS detection output fields", "minItems": 1, "type": "array", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "file_name", "css_threat_name", "action_taken", "file_location", "file_owner", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "action_taken", "cloud_provider", "scan_configuration_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action_taken\". 1: \"Found\", \"Quarantined\"", "items": [ { "const": "action_taken" } ], "additionalItems": { "title": "Filter events by action taken", "type": "string", "enum": [ "Found", "Quarantined" ] } }, { "title": "0: \"cloud_provider\". 1: \"BOX\", \"ONEDRIVE\", \"GOOGLEDRIVE\"", "items": [ { "const": "cloud_provider" } ], "additionalItems": { "title": "Filter events by cloud provider", "type": "string", "enum": [ "BOX", "ONEDRIVE", "GOOGLEDRIVE" ] } }, { "title": "0: \"scan_configuration_name\". 
1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan configuration name", "type": "string" } } ] }, "not_eq": { "type": "array", "title": "0: \"scan_configuration_name\". 1: string", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "not_contains": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "begins_with": { "title": "0: \"scan_configuration_name\". 1: string", "type": "array", "items": [ { "const": "scan_configuration_name" } ], "additionalItems": { "title": "Filter events by scan_configuration_name", "type": "string" } }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "CSS capacity approached", "properties": { "category": { "enum": [ "css_capacity_approached" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if 
the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, 
"max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity approached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity reached", "properties": { "category": { "enum": [ "css_capacity_reached" ] }, "delivery": { "anyOf": [ { "allOf": [ 
{ "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" 
] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity reached output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", 
"scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "CSS capacity exceeded", "properties": { "category": { "enum": [ "css_capacity_exceeded" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, 
"conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery 
method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "CSS capacity exceeded output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name", "timestamp" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "cloud_provider", "scan_configuration_name" ] } } } } } }, { "title": "DNS blocked", "properties": { "category": { "enum": [ "dns_blocked" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, 
"subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" 
}, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "DNS blocked output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "timestamp", "group_id", "group_name", "policy_id", "policy_name", "colo_id", "device_id", "user_id", "dst_ip", "src_ip", "email", "location", "policy", "rule_name", "action", "protocol", "query_name", "query_name_reversed", "resolver_decision", "query_category_ids", "query_size", "query_type", "src_port", "dst_port", "os_platform", "os_release_name", "os_type", "os_version", "os_architecture" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { 
"type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Case management", "properties": { "category": { "enum": [ "siemplify_case" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { 
"title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": 
{ "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Case management output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id", "case_name", "case_status", "case_created_at", "priority", "action_required", "event", "endpoints", "detections" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "case_id" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"event\". 1: \"case_created\",\"case_updated\",\"case_closed\"", "items": [ { "const": "event" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "case_created", "case_updated", "case_closed" ] } }, { "title": "0: \"priority\". 
1: \"Critical\", \"High\", \"Medium\", \"Low\"", "items": [ { "const": "priority" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "Critical", "High", "Medium", "Low" ] } }, { "title": "0: \"action_required\". 1: true, false", "items": [ { "const": "action_required" }, { "title": "Filter events by CISA exploitable" } ], "additionalItems": false, "if": { "items": [ { "const": "action_required" } ] }, "then": { "items": [ { "const": "action_required" }, { "type": "boolean" } ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Application block", "properties": { "category": { "enum": [ "app_block" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": 
"Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { 
"title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Application block output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "app_block_rules", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "scanned_at", "file_path", "last_user" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, 
"properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement changed", "properties": { "category": { "enum": [ "license_entitlement_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" 
} } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], 
"properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew", "status" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"added\",\"updated\",\"removed\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter events by status", "type": "string", "enum": [ "added", "updated", "removed" ] } }, { "title": "0: \"license_term_type\". 
1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } } ] }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Entitlement usage changed", "properties": { "category": { "enum": [ "license_entitlement_usage_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the 
email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", 
"enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Entitlement usage changed output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status", "licensed_seats", "used_seats", "license_key", "catalog_code", "combo_product", "licensed_product", "license_expires_at", "license_key_status", "auto_renew" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "license_term_type", "license_status" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "title": "0: 
\"license_term_type\". 1: \"cloud_evaluation\",\"evaluation\",\"freemium\",\"nfr\",\"site_license\",\"subscription\",\"utility\"", "items": [ { "const": "license_term_type" } ], "additionalItems": { "title": "Filter events by license term type", "type": "string", "enum": [ "cloud_evaluation", "evaluation", "freemium", "nfr", "site_license", "subscription", "utility" ] } }, "not_eq": { "type": "array", "additionalItems": false }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint status changed", "properties": { "category": { "enum": [ "endpoint_status_changed" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject 
of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { 
"title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Endpoint status changed", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "status_change", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "codes" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a different notification for every fields' value", "items": { "type": "string", "enum": [ "account_id", "account_name", "status_change", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status_change\". 1: \"ENDPOINT_REBOOT_REQUIRED\",\"ENDPOINT_REBOOT_REQUIRED_CLEARED\",\"ENDPOINT_INFECTED\",\"ENDPOINT_REMEDIATED\",\"ENDPOINT_ISOLATED\",\"ENDPOINT_UNISOLATED\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND\",\"ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED\",\"AGENT_ALERTS_CHANGED\"", "items": [ { "const": "status_change" } ], "additionalItems": { "title": "Filter the type of status_change to be notified", "type": "string", "enum": [ "ENDPOINT_REBOOT_REQUIRED", "ENDPOINT_REBOOT_REQUIRED_CLEARED", "ENDPOINT_INFECTED", "ENDPOINT_REMEDIATED", "ENDPOINT_ISOLATED", "ENDPOINT_UNISOLATED", "ENDPOINT_SUSPICIOUS_ACTIVITY_FOUND", "ENDPOINT_SUSPICIOUS_ACTIVITY_CLEARED", "AGENT_ALERTS_CHANGED" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Inactive endpoint", "properties": { "category": { "enum": [ "inactive_endpoint" ] }, "delivery": { "properties": { "output_fields": { "title": "Information to include in the JSON body. If omitted, include all", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version", "last_seen_at" ] } } } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a separate notification for each distinct combination of their values", "items": { "type": "string", "enum": [ "account_id", "account_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. 
It depends on category", "type": "object", "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"os_type\". 1: \"1\"(Workstation), \"2\"(Server), \"3\"(Mobile)", "items": [ { "const": "os_type" } ], "additionalItems": { "title": "Filter events by OS type", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 
1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "not_contains": { "type": "array", "anyOf": [ { "title": "0: \"policy_name\". 1: string", "items": [ { "const": "policy_name" } ], "additionalItems": { "title": "Filter events by policy_name", "type": "string" } }, { "title": "0: \"group_name\". 1: string", "items": [ { "const": "group_name" } ], "additionalItems": { "title": "Filter events by group_name", "type": "string" } } ] }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by days since last active, less than or equal to this value", "type": "number", "minimum": 1 } } ] }, "gte": { "type": "array", "anyOf": [ { "title": "0: \"last_seen_at\". 1: number (days)", "items": [ { "const": "last_seen_at" } ], "additionalItems": { "title": "Filter inactive machines by days since last active, greater than or equal to this value", "type": "number", "minimum": 1 } } ] } } } } } } } } } } }, { "title": "Firewall activity", "properties": { "category": { "enum": [ "firewall_activity" ] }, "delivery": { "anyOf": [ { "allOf": [ { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": 
"Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] }, { "properties": { "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", 
"os_platform", "os_release_name", "os_type", "os_version" ] } } } } ] }, { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { "title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } } ] }, "output_fields": { "title": "Firewall activity output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ 
"start_time", "end_time", "rule_id", "rule_name", "ruleset_id", "ruleset_name", "direction", "action", "protocol", "location", "program", "service", "hits", "account_id", "account_name", "machine_id", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "os_platform", "os_release_name", "os_type", "os_version" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a separate notification for each distinct combination of their values", "items": { "type": "string", "enum": [ "account_id", "account_name", "machine_id", "machine_name" ] } } } }, "conditions": { "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"action\". 1: \"ALLOW\", \"BLOCK\"", "items": [ { "const": "action" } ], "additionalItems": { "title": "Filter events by action", "type": "string", "enum": [ "ALLOW", "BLOCK" ] } }, { "title": "0: \"direction\". 1: \"Inbound\", \"Outbound\"", "items": [ { "const": "direction" } ], "additionalItems": { "title": "Filter events by direction", "type": "string", "enum": [ "Inbound", "Outbound" ] } }, { "title": "0: \"os_platform\". 1: \"1\"(Windows), \"2\"(MacOS), \"3\"(Linux)", "items": [ { "const": "os_platform" } ], "additionalItems": { "title": "Filter events by OS platform", "type": "number", "enum": [ 1, 2, 3 ] } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 
1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"policy_id\". 1: string", "items": [ { "const": "policy_id" } ], "additionalItems": { "title": "Filter events by policy_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "const": "" }, "not_exists": { "type": "string", "const": "" }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } }, { "title": "Endpoint isolation", "properties": { "category": { "enum": [ "endpoint_isolation" ] }, "delivery": { "type": "array", "items": { "title": "Notification delivery schema", "type": "object", "required": [ "type" ], "anyOf": [ { "title": "Webhook delivery", "required": [ "url" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "webhook" ] }, "url": { "title": "Webhook url", "type": "string", "format": "uri" }, "custom_headers": { "title": "Custom headers that will be included in the request", "type": "object", "additionalProperties": { "type": "string" } }, "max_retries": { "title": "Maximum number of retries if the delivery is not successful", "type": "number" }, "secret_token": { "title": "The secret token that will be used to sign the message", "type": "string" } } }, { "title": "Email delivery", "required": [ "recipients", "subject" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "email" ] }, "recipients": { "title": "Recipients list", "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "subject": { "title": "The subject of the email", "type": "string" } } }, { "title": "Slack delivery", "required": [ "channels" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "slack" ] }, "channels": { 
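The `conditions` trees in these notification schemas share one shape, an `or` list of `and` lists of operator clauses, where each operator takes `[field, value, ...]` (or a bare field name for `exists`/`not_exists`) and the permitted operators, fields and values differ per category. The spec only states what the server accepts, so a misplaced operator is discovered at submission time. The following Python is an added example and not ThreatDown's code: it transcribes the operand tables visible in this section for the `inactive_endpoint`, `firewall_activity` and `endpoint_isolation` categories, validates a filter locally before it is sent, and assembles a notification document with a webhook delivery. Requiring `https://` and a non-empty `secret_token` in `build_notification` is this example's own policy rather than a spec rule, and the sample filter is constructed.

```python
import re

# UUID pattern as written in the spec's group_id/machine_id/policy_id filters (hyphens optional).
UUID_RE = re.compile(r"^[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$")
UUID, STR, DAYS = "uuid", "str", "days"  # value kinds used in the operand tables below

# operator -> field -> allowed values (a set) or value kind, transcribed from the
# `conditions` schemas of the three categories shown in this section.
RULES = {
    "inactive_endpoint": {
        "eq": {"os_platform": {1, 2, 3}, "os_type": {1, 2, 3},
               "machine_id": UUID, "group_id": UUID, "policy_id": UUID},
        "not_eq": {"machine_id": UUID, "group_id": UUID},
        "contains": {"policy_name": STR, "group_name": STR},
        "not_contains": {"policy_name": STR, "group_name": STR},
        "lte": {"last_seen_at": DAYS}, "gte": {"last_seen_at": DAYS},  # days, minimum 1
    },
    "firewall_activity": {
        "eq": {"action": {"ALLOW", "BLOCK"}, "direction": {"Inbound", "Outbound"},
               "os_platform": {1, 2, 3}, "group_id": UUID, "policy_id": UUID, "machine_id": UUID},
        "not_eq": {"group_id": UUID, "policy_id": UUID, "machine_id": UUID},
    },
    "endpoint_isolation": {
        "eq": {"status": {"COMPLETED", "EXPIRED", "FAILED", "CANCELLED"},
               "machine_id": UUID, "group_id": UUID},
        "not_eq": {"machine_id": UUID, "group_id": UUID},
        # exists/not_exists take a bare field name; a present rule_id marks an auto-isolation job
        "exists": {"rule_id"}, "not_exists": {"rule_id"},
    },
}


def _value_ok(spec, value):
    """Check one operand value against its enum set or value kind."""
    if isinstance(spec, set):
        return value in spec
    if spec == UUID:
        return isinstance(value, str) and bool(UUID_RE.match(value))
    if spec == DAYS:
        return isinstance(value, int) and not isinstance(value, bool) and value >= 1
    return isinstance(value, str)


def validate_conditions(category, conditions):
    """Return a list of problems (empty means valid) for a tree shaped
    {"or": [{"and": [{op: [field, value, ...]}, ...]}, ...]}."""
    table = RULES[category]
    if set(conditions) != {"or"} or not isinstance(conditions["or"], list) or not conditions["or"]:
        return ["conditions must be {'or': [...]} with at least one branch"]
    problems = []
    for branch in conditions["or"]:
        if not isinstance(branch, dict) or set(branch) != {"and"} or not branch["and"]:
            problems.append("each 'or' branch must be {'and': [...]} with at least one clause")
            continue
        for clause in branch["and"]:
            for op, operand in clause.items():
                if op not in table:
                    problems.append(f"{op}: operator not available for {category}")
                elif op in ("exists", "not_exists"):
                    if not isinstance(operand, str) or operand not in table[op]:
                        problems.append(f"{op}: {operand!r} is not a filterable field")
                elif not isinstance(operand, list) or len(operand) < 2:
                    problems.append(f"{op}: expected [field, value, ...]")
                elif operand[0] not in table[op]:
                    problems.append(f"{op}: field {operand[0]!r} not allowed for {category}")
                else:
                    spec = table[op][operand[0]]
                    for value in operand[1:]:
                        if not _value_ok(spec, value):
                            problems.append(f"{op}: bad value {value!r} for {operand[0]}")
    return problems


def build_notification(category, conditions, webhook_url, secret_token,
                       group_by=(), output_fields=()):
    """Assemble the category/conditions/delivery/aggregation/output_fields document.
    Requiring https and a secret_token is this example's policy, not a spec rule."""
    problems = validate_conditions(category, conditions)
    if problems:
        raise ValueError("; ".join(problems))
    if not webhook_url.startswith("https://"):
        raise ValueError("webhook url must use https; the payload carries endpoint details")
    if not secret_token:
        raise ValueError("set secret_token so the receiver can verify the message signature")
    doc = {
        "category": category,
        "conditions": conditions,
        "delivery": [{"type": "webhook", "url": webhook_url,
                      "secret_token": secret_token, "max_retries": 3}],
    }
    if group_by:
        doc["aggregation"] = {"group_by": list(group_by)}
    if output_fields:
        doc["output_fields"] = list(output_fields)
    return doc


# Constructed sample: BLOCKed inbound traffic on Windows hosts, excluding one group.
FIREWALL_FILTER = {"or": [{"and": [
    {"eq": ["action", "BLOCK"]},
    {"eq": ["direction", "Inbound"]},
    {"eq": ["os_platform", 1]},
    {"not_eq": ["group_id", "9256034b-7967-4253-a5d9-260663e4fa4f"]},
]}]}
```

`build_notification("firewall_activity", FIREWALL_FILTER, "https://hooks.example.invalid/td", token, group_by=("machine_id",))` returns the dict to serialise with `json.dumps` and submit; a filter that uses `contains` on a firewall notification, or `last_seen_at` below 1 day, is rejected with a readable message instead of a server-side validation error. The table only encodes what this section of the spec shows, so the server remains the final authority.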
"title": "Slack channels list", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "MS Teams delivery", "required": [ "conversations" ], "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "teams" ] }, "conversations": { "title": "MS Teams conversations IDs", "type": "array", "minItems": 1, "items": { "type": "string" } } } }, { "title": "Mobile push notification delivery", "properties": { "type": { "title": "Delivery method", "type": "string", "enum": [ "mobile" ] } } } ] } }, "output_fields": { "title": "Endpoint isolation output fields", "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "created_at", "updated_at", "expires_at", "machine_id", "machine_name", "os_release_name", "os_platform", "os_type", "os_version", "rule_id" ] } }, "aggregation": { "properties": { "group_by": { "type": "array", "title": "If specified, events will be aggregated by these fields, so there will be a separate notification for each distinct combination of their values", "items": { "type": "string", "enum": [ "account_id", "account_name", "status", "machine_id", "machine_name" ] } } } }, "conditions": { "title": "Filters the events that will be notified. It depends on category", "type": "object", "additionalProperties": false, "properties": { "or": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "and": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "eq": { "type": "array", "anyOf": [ { "title": "0: \"status\". 1: \"COMPLETED\",\"EXPIRED\",\"FAILED\",\"CANCELLED\"", "items": [ { "const": "status" } ], "additionalItems": { "title": "Filter the type of the status update to be notified", "type": "string", "enum": [ "COMPLETED", "EXPIRED", "FAILED", "CANCELLED" ] } }, { "title": "0: \"machine_id\". 
1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "not_eq": { "type": "array", "anyOf": [ { "title": "0: \"machine_id\". 1: string", "items": [ { "const": "machine_id" } ], "additionalItems": { "title": "Filter events by machine_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "title": "0: \"group_id\". 1: string", "items": [ { "const": "group_id" } ], "additionalItems": { "title": "Filter events by group_id", "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ] }, "contains": { "type": "array", "additionalItems": false }, "not_contains": { "type": "array", "additionalItems": false }, "begins_with": { "type": "array", "additionalItems": false }, "exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "not_exists": { "type": "string", "anyOf": [ { "title": "Filter events by whether rule_id exists. 
If it exists, it indicates that it's an auto-isolation job", "const": "rule_id" } ] }, "lte": { "type": "array", "additionalItems": false }, "gte": { "type": "array", "additionalItems": false } } } } } } } } } } } ], "if": { "properties": { "category": { "enum": [ "user_added", "user_deleted", "user_verified", "license_over_deployment", "css_capacity_approached", "css_capacity_reached", "css_capacity_exceeded" ] } } }, "then": { "properties": { "conditions": { "additionalProperties": false } } } }, { "required": [ "id" ], "properties": { "id": { "title": "Notification Id", "type": "string" }, "updated_at": { "title": "Updated at timestamp", "type": "string", "format": "date-time" } } } ] } }, "next_cursor": { "type": "string", "title": "The pagination cursor for the next set of results. For further documentation, see the Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Notifications" ], "operationId": "api.v2.nebula.put-bulk.notification" } }, "/nebula/v1/content-filtering": { "post": { "description": "Create a new content filtering rule", "summary": "Create content filtering rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create/Update content filtering rule request", "required": [ "name", "enabled" ], "properties": { "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "List of allowed domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "List of blocked domains", "items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policy_ids": { "type": "array", "description": "List of policy IDs", "items": { "type": "string" }, "examples": [ [ 
"575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ] ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "name": "test_rule_1", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "policy_ids": [ "575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ], "enabled": true } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Content filtering rule", "properties": { "id": { "type": "string", "description": "Content filtering rule ID", "examples": [ "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] }, "account_id": { "type": "string", "description": "Your account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "parent_account_id": { "type": "string", "description": "Parent account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "Allow domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "Block domains", 
"items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policies": { "type": "array", "description": "Policies", "items": { "type": "object", "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "policy_name": { "type": "string", "description": "Policy name" } } } }, "created_at": { "type": "string", "description": "Rule creation time", "examples": [ "2022-03-22T11:04:30.977497Z" ] }, "created_by": { "type": "string", "description": "Rule creator ID", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "updated_at": { "type": "string", "description": "Rule update time", "examples": [ "2022-03-22T11:44:38.35927Z" ] }, "updated_by": { "type": "string", "description": "Rule updated by", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "id": "a54d8a47-d802-49e3-88b9-e8eaf7d8f148", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "name": "test_rule_1_modified", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 1, 2, 3, 4, 5 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ 
"10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "doh_url": "abcdef.cloudflare.com", "policies": [ { "policy_id": "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "policy_name": "Policy Test" } ], "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c", "enabled": true } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.post.content_filtering_rule" } }, "/nebula/v1/content-filtering/{id}": { "delete": { "description": "Delete a content filtering rule", "summary": "Delete content filtering rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.delete.content_filtering_rule" }, "get": { "description": "Get a content filtering rule details by id", "summary": "Get a content filtering rule details", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Content filtering rule", "properties": { "id": { "type": "string", "description": "Content filtering rule ID", "examples": [ "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] }, "account_id": { "type": "string", "description": "Your account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "parent_account_id": { "type": "string", "description": "Parent account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "Allow domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "Block domains", "items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" 
] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policies": { "type": "array", "description": "Policies", "items": { "type": "object", "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "policy_name": { "type": "string", "description": "Policy name" } } } }, "created_at": { "type": "string", "description": "Rule creation time", "examples": [ "2022-03-22T11:04:30.977497Z" ] }, "created_by": { "type": "string", "description": "Rule creator ID", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "updated_at": { "type": "string", "description": "Rule update time", "examples": [ "2022-03-22T11:44:38.35927Z" ] }, "updated_by": { "type": "string", "description": "Rule updated by", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "id": "a54d8a47-d802-49e3-88b9-e8eaf7d8f148", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "name": "test_rule_1_modified", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 1, 2, 3, 4, 5 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", 
"192.168.10.0/24" ], "block_tlds": [ "pt" ], "doh_url": "abcdef.cloudflare.com", "policies": [ { "policy_id": "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "policy_name": "Policy Test" } ], "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c", "enabled": true } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_rule.id" }, "put": { "description": "Update a content filtering rule", "summary": "Update content filtering rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create/Update content filtering rule request", "required": [ "name", "enabled" ], "properties": { "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "List of allowed domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "List of blocked domains", "items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policy_ids": { "type": "array", "description": "List of policy IDs", "items": { "type": "string" }, "examples": [ [ 
"575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ] ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "name": "test_rule_1", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "policy_ids": [ "575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7" ], "enabled": true } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Content filtering rule", "properties": { "id": { "type": "string", "description": "Content filtering rule ID", "examples": [ "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] }, "account_id": { "type": "string", "description": "Your account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "parent_account_id": { "type": "string", "description": "Parent account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "Allow domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "Block domains", 
"items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policies": { "type": "array", "description": "Policies", "items": { "type": "object", "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "policy_name": { "type": "string", "description": "Policy name" } } } }, "created_at": { "type": "string", "description": "Rule creation time", "examples": [ "2022-03-22T11:04:30.977497Z" ] }, "created_by": { "type": "string", "description": "Rule creator ID", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "updated_at": { "type": "string", "description": "Rule update time", "examples": [ "2022-03-22T11:44:38.35927Z" ] }, "updated_by": { "type": "string", "description": "Rule updated by", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "id": "a54d8a47-d802-49e3-88b9-e8eaf7d8f148", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "name": "test_rule_1_modified", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 1, 2, 3, 4, 5 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ 
"10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "doh_url": "abcdef.cloudflare.com", "policies": [ { "policy_id": "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "policy_name": "Policy Test" } ], "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c", "enabled": true } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.put.content_filtering_rule" } }, "/nebula/v1/content-filtering/{id}/enable": { "put": { "description": "Enable/Disable a content filtering rule", "summary": "Enable/Disable content filtering rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Enable/Disable content filtering rule", "required": [ "enabled" ], "properties": { "enabled": { "type": "boolean", "description": "Enable/Disable content filtering rule" } }, "examples": [ { "enabled": true } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Enable/Disable content filtering rule", "required": [ "dns_rule_id", "enabled" ], "properties": { "dns_rule_id": { "type": "string", "description": "Content filtering rule ID" }, "enabled": { "type": "boolean", "description": "Enable/Disable content filtering rule" } }, "examples": [ { "dns_rule_id": "6fab50d8-4c75-4a03-9549-66f147fcf093", "enabled": true } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.enable.content_filtering_rule" } }, "/nebula/v1/content-filtering/{id}/enable-for-policy": { "put": { "description": "Enable/Disable a content filtering rule for a Nebula policy", "summary": "Enable/Disable content filtering rule for policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Enable/Disable content filtering rule", "required": [ "enabled" ], "properties": { "enabled": { "type": "boolean", "description": "Enable/Disable content filtering rule" } }, "examples": [ { "enabled": true } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Enable/Disable content filtering rule for a nebula policy", "required": [ "policy_id", "enabled" ], "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "enabled": { "type": "boolean", "description": "Enable/Disable content filtering rule for a nebula policy" } }, "examples": [ { "policy_id": "575ec9d1-9ade-4a2b-98cd-d6b5e5ea63d7", "enabled": true } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.enable.content_filtering_rule.policy" } }, "/nebula/v1/content-filtering/categories": { "get": { "description": "Get a collection of DNS content filtering categories with detailed information, including id, name, description and the respective list of subcategories.", "summary": "Get list of categories", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Content filtering categories", "properties": { "categories": { "type": "array", "description": "Collection of content filtering categories.", "items": { "type": "object", "title": "Content filtering category", "properties": { "id": { "type": "integer", "description": "Category ID", "examples": [ 1 ] }, "name": { "type": "string", "description": "Category name", "examples": [ "Ads" ] }, "description": { "type": "string", "description": "Category description", "examples": [ "Sites that are providing ads for websites." ] }, "subcategories": { "type": "array", "description": "Subcategories of this category", "items": { "type": "object", "properties": { "id": { "type": "integer", "description": "Subcategory ID", "examples": [ 66 ] }, "name": { "type": "string", "description": "Subcategory name", "examples": [ "Advertisements" ] }, "description": { "type": "string", "description": "Subcategory Description", "examples": [ "Sites displaying advertisements for websites." 
] } } } } }, "examples": [ { "description": "Sites that are providing ads for websites.", "id": 1, "name": "Ads", "subcategories": [ { "description": "Sites displaying advertisements for websites.", "id": 66, "name": "Advertisements" } ] } ] } } }, "examples": [ { "categories": [ { "description": "Sites that are providing ads for websites.", "id": 1, "name": "Ads", "subcategories": [ { "description": "Sites displaying advertisements for websites.", "id": 66, "name": "Advertisements" } ] }, { "description": "Sites that are related to pornography, nudity, sexuality, and other adult themes.", "id": 2, "name": "Adult Themes", "subcategories": [ { "description": "Sites related to adult themes not included in other categories like Pornography and Nudity.", "id": 67, "name": "Adult Themes" }, { "description": "Sites displaying nudity.", "id": 125, "name": "Nudity" }, { "description": "Sites displaying pornography.", "id": 133, "name": "Pornography" } ] } ] } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_categories" } }, "/nebula/v1/content-filtering/search": { "post": { "description": "Get a list of content filtering rules for current account", "summary": "Get a list of content filtering rules", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "description": "Request body for getting all content filtering rules", "properties": { "populate": { "type": "object", "title": "Populate object schema", "properties": { "users": { "type": "boolean", "title": "Populate with the user email" } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Content filtering rules and their total count", "properties": { "content_filtering_rules": { "type": "array", "description": "Collection of content filtering rules", "items": { "type": "object", "title": "Content filtering rule", "properties": { "id": { "type": "string", "description": "Content filtering rule ID", "examples": [ "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] }, "account_id": { "type": "string", "description": "Your account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "parent_account_id": { "type": "string", "description": "Parent account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "Allow domains", "items": { "type": "string" }, "examples": [ [ "ex.com", 
"we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "Block domains", "items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", "192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policies": { "type": "array", "description": "Policies", "items": { "type": "object", "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "policy_name": { "type": "string", "description": "Policy name" } } } }, "created_at": { "type": "string", "description": "Rule creation time", "examples": [ "2022-03-22T11:04:30.977497Z" ] }, "created_by": { "type": "string", "description": "Rule creator ID", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "updated_at": { "type": "string", "description": "Rule update time", "examples": [ "2022-03-22T11:44:38.35927Z" ] }, "updated_by": { "type": "string", "description": "Rule updated by", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "id": "a54d8a47-d802-49e3-88b9-e8eaf7d8f148", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "name": "test_rule_1_modified", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 1, 2, 3, 4, 5 ], "allow_domains": [ 
"ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "doh_url": "abcdef.cloudflare.com", "policies": [ { "policy_id": "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "policy_name": "Policy Test" } ], "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c", "enabled": true } ] } }, "total_count": { "type": "integer", "description": "Total count of rules" } }, "examples": [ { "content_filtering_rules": [ { "id": "718d94e9-cc90-474c-a483-134fbc2268cd", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test1", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "enabled": false, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "0c9d6c60-53ee-412b-81f7-4244a4e6d115", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test10", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "actor" ], "doh_url": "https://jqt5h6pzfd.cloudflare-gateway.com/dns-query", "enabled": false, "created_at": 
"2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "be7b7c91-2371-478d-bf9d-7daa704d290d", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test11", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "ceb" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "doh_url": "https://rddpnori5n.cloudflare-gateway.com/dns-query", "enabled": false, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "6fab50d8-4c75-4a03-9549-66f147fcf093", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test12", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "doh_url": "https://y8i1259oyo.cloudflare-gateway.com/dns-query", "enabled": true, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" } ], "total_count": 15 } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_rules" } }, "/nebula/v1/content-filtering/blockpage": { "get": { "description": "Get DNS Blockpage settings for account", "summary": "Get DNS BlockPage Settings", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": 
"accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_users", "required": false, "in": "query", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "DNS Blockpage Settings", "properties": { "id": { "type": "string", "description": "BlockPage identifier" }, "account_id": { "type": "string", "description": "BlockPage account identifier" }, "enabled": { "type": "boolean", "description": "Enabled" }, "inherited": { "type": "boolean", "description": "Inherited from a parent account" }, "footer_text": { "type": "string", "description": "Footer text" }, "header_text": { "type": "string", "description": "Header text" }, "logo_path": { "type": "string", "description": "Logo path", "format": "uri" }, "background_color": { "type": "string", "description": "Background color" }, "name": { "type": "string", "description": "Name" }, "mailto_address": { "type": "string", "description": "Mailto address" }, "mailto_subject": { "type": "string", "description": "Mailto subject" }, "created_at": { "type": "string", "description": "Created date" }, "updated_at": { "type": "string", "description": "Updated date" }, "created_by": { "type": "string", "description": "User that created the BlockPage" }, "updated_by": { "type": "string", "description": "User that last updated the BlockPage" } }, "examples": [ { "id": "9432a6c0-262c-4ea8-8a23-ee19cbe580dd", "account_id": "d4048783-6ba2-4f33-a4b4-f90dd06e8609", "inherited": false, "enabled": true, "footer_text": "This site has been blocked by Malwarebytes Content Filtering per your organization.", "header_text": "This is a test", "logo_path": "https://eml.malwarebytes.com/mailer/MWB_logo.png", 
"background_color": "#ffffff", "name": "Malwarebytes", "mailto_address": "admin@mail.com", "mailto_subject": "Your custom subject", "created_at": "2022-04-26T16:18:40.629491Z", "updated_at": "2025-02-07T14:50:38.019689Z", "created_by": "f7b21a15-557e-4458-afd2-e7cf74ec20b8", "updated_by": "846aa1f3-abe3-4e54-b5c6-0fec92913a27" } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_blockpage" }, "put": { "description": "Save DNS Blockpage settings for account", "summary": "Save DNS BlockPage Settings", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_users", "required": false, "in": "query", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "DNS BlockPage Settings", "required": [ "enabled", "footer_text", "header_text", "logo_path", "background_color", "name", "mailto_address", "mailto_subject" ], "properties": { "enabled": { "type": "boolean", "description": "Enabled" }, "inherited": { "type": "boolean", "description": "Set to true to inherit the BlockPage from a parent account" }, "footer_text": { "type": "string", "description": "Footer text" }, "header_text": { "type": "string", "description": "Header text" }, "logo_path": { "type": "string", "description": "Logo path", "format": "uri" }, "background_color": { "type": "string", "description": "Background color" }, "name": { "type": "string", "description": "Name" }, "mailto_address": { "type": "string", "description": 
"Mailto address" }, "mailto_subject": { "type": "string", "description": "Mailto subject" } }, "examples": [ { "id": "9432a6c0-262c-4ea8-8a23-ee19cbe580dd", "account_id": "d4048783-6ba2-4f33-a4b4-f90dd06e8609", "enabled": true, "footer_text": "This site has been blocked by Malwarebytes Content Filtering per your organization.", "header_text": "This is a test", "logo_path": "https://eml.malwarebytes.com/mailer/MWB_logo.png", "background_color": "#ffffff", "name": "Malwarebytes", "mailto_address": "pchaves@mail.com", "mailto_subject": "Your custom subject" } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "DNS Blockpage Settings", "properties": { "id": { "type": "string", "description": "BlockPage identifier" }, "account_id": { "type": "string", "description": "BlockPage account identifier" }, "enabled": { "type": "boolean", "description": "Enabled" }, "inherited": { "type": "boolean", "description": "Inherited from a parent account" }, "footer_text": { "type": "string", "description": "Footer text" }, "header_text": { "type": "string", "description": "Header text" }, "logo_path": { "type": "string", "description": "Logo path", "format": "uri" }, "background_color": { "type": "string", "description": "Background color" }, "name": { "type": "string", "description": "Name" }, "mailto_address": { "type": "string", "description": "Mailto address" }, "mailto_subject": { "type": "string", "description": "Mailto subject" }, "created_at": { "type": "string", "description": "Created date" }, "updated_at": { "type": "string", "description": "Updated date" }, "created_by": { "type": "string", "description": "User that created the BlockPage" }, "updated_by": { "type": "string", "description": "User that last updated the BlockPage" } }, "examples": [ { "id": "9432a6c0-262c-4ea8-8a23-ee19cbe580dd", "account_id": "d4048783-6ba2-4f33-a4b4-f90dd06e8609", "inherited": false, "enabled": true, 
"footer_text": "This site has been blocked by Malwarebytes Content Filtering per your organization.", "header_text": "This is a test", "logo_path": "https://eml.malwarebytes.com/mailer/MWB_logo.png", "background_color": "#ffffff", "name": "Malwarebytes", "mailto_address": "admin@mail.com", "mailto_subject": "Your custom subject", "created_at": "2022-04-26T16:18:40.629491Z", "updated_at": "2025-02-07T14:50:38.019689Z", "created_by": "f7b21a15-557e-4458-afd2-e7cf74ec20b8", "updated_by": "846aa1f3-abe3-4e54-b5c6-0fec92913a27" } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.put.content_filtering_blockpage" } }, "/nebula/v1/content-filtering/exclusions": { "get": { "description": "Get DNS Global Exclusions", "summary": "Get DNS Global Exclusions", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_users", "required": false, "in": "query", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "DNS Global Exclusions", "properties": { "id": { "type": "string", "description": "Exclusion Identifier" }, "account_id": { "type": "string", "description": "Account Identifier" }, "exclusions": { "type": "array", "title": "The global exclusions array", "items": { "type": "string", "title": "Exclusion Domains", "pattern": "^(?!://)([a-zA-Z0-9_-]{1,63}\\.)+[a-zA-Z]{2,63}$", "examples": [ "example.com" ] } }, "created_at": { "type": "string", "description": "Created date" }, "updated_at": { "type": "string", "description": "Updated date" }, "created_by": { "type": "string", "description": "User that created the exclusions" }, "updated_by": { "type": "string", "description": "User that last updated the exclusions" } }, "examples": [ { "id": "c85e25f8-9e84-4a75-b8c2-c118d9df2424", "account_id": "d4048783-6ba2-4f33-a4b4-f90dd06e8609", "exclusions": [ "test.com" ], "created_at": "2022-04-26T16:18:40.629491Z", "updated_at": "2025-02-07T14:50:38.019689Z", "created_by": "f7b21a15-557e-4458-afd2-e7cf74ec20b8", "updated_by": "846aa1f3-abe3-4e54-b5c6-0fec92913a27" } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_exclusions" }, "put": { "description": "Save DNS Global Exclusions", "summary": "Save DNS Global Exclusions", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your 
Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "populate_users", "required": false, "in": "query", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "DNS Global Exclusions", "required": [ "exclusions" ], "properties": { "exclusions": { "type": "array", "title": "The global exclusions array", "items": { "type": "string", "title": "Exclusion Domains", "pattern": "^(?!://)([a-zA-Z0-9_-]{1,63}\\.)+[a-zA-Z]{2,63}$", "examples": [ "example.com" ] } } }, "examples": [ { "exclusions": [ "test.com" ] } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "DNS Global Exclusions", "properties": { "id": { "type": "string", "description": "Exclusion Identifier" }, "account_id": { "type": "string", "description": "Account Identifier" }, "exclusions": { "type": "array", "title": "The global exclusions array", "items": { "type": "string", "title": "Exclusion Domains", "pattern": "^(?!://)([a-zA-Z0-9_-]{1,63}\\.)+[a-zA-Z]{2,63}$", "examples": [ "example.com" ] } }, "created_at": { "type": "string", "description": "Created date" }, "updated_at": { "type": "string", "description": "Updated date" }, "created_by": { "type": "string", "description": "User that created the exclusions" }, "updated_by": { "type": "string", "description": "User that last updated the exclusions" } }, "examples": [ { "id": "c85e25f8-9e84-4a75-b8c2-c118d9df2424", "account_id": "d4048783-6ba2-4f33-a4b4-f90dd06e8609", "exclusions": [ "test.com" ], "created_at": "2022-04-26T16:18:40.629491Z", "updated_at": "2025-02-07T14:50:38.019689Z", "created_by": "f7b21a15-557e-4458-afd2-e7cf74ec20b8", "updated_by": "846aa1f3-abe3-4e54-b5c6-0fec92913a27" } ] } } } } }, "tags": [ "Content Filtering" ], 
"operationId": "api.nebula.put.content_filtering_exclusions" } }, "/nebula/v1/content-filtering/domain": { "get": { "description": "Get domain details", "summary": "Get domain details", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.domain" } }, "/nebula/v1/content-filtering/frequent-domains": { "get": { "description": "Get frequently used domain names", "summary": "Get frequently used domain names", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Domain Names", "properties": { "domains": { "type": "array", "items": { "type": "string", "description": "Frequent domains" } } }, "examples": [ { "domains": [ "a.com", "b.com", "c.com", "eee.com", "ex.com", "we.com" ] } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.frequent.domains" } }, "/nebula/v1/content-filtering/policies": { "get": { "description": "Get list of policies", "summary": "Get list of policies", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Content filtering rules and their total count", "properties": { "content_filtering_rules": { "type": "array", "description": "Collection of content filtering rules", "items": { "type": "object", "title": "Content filtering rule", "properties": { "id": { "type": "string", "description": "Content filtering rule ID", "examples": [ "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] }, "account_id": { "type": "string", "description": "Your account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "parent_account_id": { "type": "string", "description": "Parent account ID", "examples": [ "550a20b8-6d36-4222-afbc-54d100f2e894" ] }, "name": { "type": "string", "description": "Name of the content filtering rule", "examples": [ "test_rule_1" ] }, "description": { "type": "string", "description": "Description of the content filtering rule", "examples": [ "This is a test rule" ] }, "security_categories": { "type": "array", "description": "Security categories", "items": { "type": "integer" }, "examples": [ [ 150, 151, 152, 153 ] ] }, "content_categories": { "type": "array", "description": "Content categories", "items": { "type": "integer" }, "examples": [ [ 130, 131, 133, 134, 135 ] ] }, "allow_domains": { "type": "array", "description": "Allow domains", "items": { "type": "string" }, "examples": [ [ "ex.com", "we.com", "eee.com" ] ] }, "block_domains": { "type": "array", "description": "Block domains", "items": { "type": "string" }, "examples": [ [ "a.com", "b.com", "c.com" ] ] }, "allow_ips": { "type": "array", "description": "List of allowed IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.20.0", 
"192.168.0.0/24" ] ] }, "block_ips": { "type": "array", "description": "List of blocked IPs (IPV4 address or CIDR block)", "items": { "type": "string" }, "examples": [ [ "10.20.30.40", "192.168.10.0/24" ] ] }, "block_tlds": { "type": "array", "description": "Blocked Top Level Domains (TLDs)", "items": { "type": "string" }, "examples": [ [ "pt" ] ] }, "doh_url": { "type": "string", "description": "DOH URL", "examples": [ "abcdef.cloudflare.com" ] }, "policies": { "type": "array", "description": "Policies", "items": { "type": "object", "properties": { "policy_id": { "type": "string", "description": "Policy ID" }, "policy_name": { "type": "string", "description": "Policy name" } } } }, "created_at": { "type": "string", "description": "Rule creation time", "examples": [ "2022-03-22T11:04:30.977497Z" ] }, "created_by": { "type": "string", "description": "Rule creator ID", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "updated_at": { "type": "string", "description": "Rule update time", "examples": [ "2022-03-22T11:44:38.35927Z" ] }, "updated_by": { "type": "string", "description": "Rule updated by", "examples": [ "d338949c-a186-4e06-aebe-67249e48a88c" ] }, "enabled": { "type": "boolean", "description": "Content filtering rule enabled/disabled status", "examples": [ true ] } }, "examples": [ { "id": "a54d8a47-d802-49e3-88b9-e8eaf7d8f148", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "parent_account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "name": "test_rule_1_modified", "description": "This is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 1, 2, 3, 4, 5 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "doh_url": "abcdef.cloudflare.com", "policies": [ { "policy_id": "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "policy_name": "Policy Test" } 
], "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c", "enabled": true } ] } }, "total_count": { "$type": "integer", "description": "Total count of rules" } }, "examples": [ { "content_filtering_rules": [ { "id": "718d94e9-cc90-474c-a483-134fbc2268cd", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test1", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "pt" ], "enabled": false, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c", "updated_at": "2022-03-22T11:44:38.35927Z", "updated_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "0c9d6c60-53ee-412b-81f7-4244a4e6d115", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test10", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "actor" ], "doh_url": "https://jqt5h6pzfd.cloudflare-gateway.com/dns-query", "enabled": false, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "be7b7c91-2371-478d-bf9d-7daa704d290d", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test11", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 
153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "block_tlds": [ "ceb" ], "allow_ips": [ "10.20.20.0", "192.168.0.0/24" ], "doh_url": "https://rddpnori5n.cloudflare-gateway.com/dns-query", "enabled": false, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" }, { "id": "6fab50d8-4c75-4a03-9549-66f147fcf093", "account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "parent_account_id": "f29c5663-100a-4cd5-a5c3-b9a45e67ad21", "name": "test12", "description": "this is a test rule", "security_categories": [ 150, 151, 152, 153 ], "content_categories": [ 130, 131, 133, 134, 135 ], "allow_domains": [ "ex.com", "we.com", "eee.com" ], "block_domains": [ "a.com", "b.com", "c.com" ], "block_ips": [ "10.20.30.40", "192.168.10.0/24" ], "doh_url": "https://y8i1259oyo.cloudflare-gateway.com/dns-query", "enabled": true, "created_at": "2022-03-22T11:04:30.977497Z", "created_by": "d338949c-a186-4e06-aebe-67249e48a88c" } ], "total_count": 15 } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_rule_policies" } }, "/nebula/v1/content-filtering/tlds": { "get": { "description": "Get all known top level domains (TLDs)", "summary": "Get Top Level Domains", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": true, "title": "Content filtering Top Level Domains", "properties": { "tlds": { "type": "array", "description": "Collection of all known Top Level Domains (TLDs)", "items": { "type": "object", "title": "Content filtering Top Level Domain (TLD)", "properties": { "domain": { "type": "string", "description": "Domain name", "examples": [ "pt" ] }, "domain_type": { "type": "string", "description": "Domain Type", "examples": [ "country-code" ] }, "entity": { "type": "string", "description": "Domain Entity", "examples": [ "Canada" ] } }, "examples": [ { "Domain": "aaa", "DomainType": "generic", "Entity": "American Automobile Association, Inc." }, { "Domain": "aarp", "DomainType": "generic", "Entity": "AARP" }, { "Domain": "abarth", "DomainType": "generic", "Entity": "Not assigned" }, { "Domain": "pt", "DomainType": "country-code", "Entity": "Portugal" } ] } } }, "examples": [ { "tlds": [ { "Domain": "aaa", "DomainType": "generic", "Entity": "American Automobile Association, Inc." 
}, { "Domain": "aarp", "DomainType": "generic", "Entity": "AARP" }, { "Domain": "abarth", "DomainType": "generic", "Entity": "Not assigned" }, { "Domain": "pt", "DomainType": "country-code", "Entity": "Portugal" } ] } ] } } } } }, "tags": [ "Content Filtering" ], "operationId": "api.nebula.get.content_filtering_tlds" } }, "/nebula/v1/grid/assets/software/export": { "post": { "description": "Export software assets per account", "summary": "Export software assets", "simple_schema": "asset-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Asset Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Asset select fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "account_name", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "group_name", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Asset Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) 
Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", 
"normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets boolean fields", "type": "string", "enum": [ "supports_update", "update_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ 
"equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { 
"title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] }, { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Asset aggregation fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical" ] } }, "sort_field": { "type": "string", "title": "Asset sort fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", 
"cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.assets.software" } }, "/nebula/v1/grid/assets/software/export/async": { "post": { "description": "Export software assets per account", "summary": "Export software assets asynchronously", "simple_schema": "asset-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Asset Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Asset select fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "account_name", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "group_name", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", 
"cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Asset Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", 
"root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets boolean fields", "type": "string", "enum": [ "supports_update", "update_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], 
"format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] }, { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Asset aggregation fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", 
"normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical" ] } }, "sort_field": { "type": "string", "title": "Asset sort fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.assets.software.async" } }, "/nebula/v1/grid/assets/software/search": { "post": { "description": "Search software assets per account", "summary": "Search software assets", "simple_schema": "asset-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Asset Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } 
} }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets boolean fields", "type": "string", "enum": [ "supports_update", "update_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], 
"format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] }, { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Asset aggregation fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", 
"normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical" ] } }, "sort_field": { "type": "string", "title": "Asset sort fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search assets software result", "properties": { "assets": { "type": "array", "items": { "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "normalized_vendor": { "type": "string" }, "display_vendor": { "type": "string" }, "product": { "type": "string" }, "normalized_product": { "type": "string" }, "display_product": { "type": "string" }, "installed_version": { "type": "string" }, "normalized_installed_version": { "type": "string" }, "display_installed_version": { "type": "string" }, "installation_date": { "type": "string" }, "language": { "type": "string" }, "architecture": { "type": "string" }, "product_signature": { "type": "integer" }, "account_name": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { "type": "string" }, "domain_name": { "type": "string" }, "alias": { "type": "string" }, "created_at": { "type": "string" }, "object_guid": { "type": "string" }, "os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, 
"os_release_name": { "type": "string" } } }, "group_name": { "type": "string" }, "cves": { "type": "array", "items": { "type": "string" } }, "cves_count": { "type": "integer" }, "cves_score": { "type": "number" }, "cves_by_status": { "properties": { "none": { "type": "array", "items": { "type": "string" } }, "low": { "type": "array", "items": { "type": "string" } }, "medium": { "type": "array", "items": { "type": "string" } }, "high": { "type": "array", "items": { "type": "string" } }, "critical": { "type": "array", "items": { "type": "string" } } } }, "cves_count_by_status": { "properties": { "none": { "type": "integer" }, "low": { "type": "integer" }, "medium": { "type": "integer" }, "high": { "type": "integer" }, "critical": { "type": "integer" } } }, "latest_version_available": { "type": "string" } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "assets", "total_count" ] } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.assets.software" } }, "/nebula/v1/grid/assets/software/search-groupby": { "post": { "description": "Search grouped software assets per account", "summary": "Search grouped software assets", "simple_schema": "asset-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Asset Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Asset Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], 
"title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets boolean fields", "type": "string", "enum": [ "supports_update", "update_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], 
"format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Assets Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "os_info.os_release_name", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "architecture" ] }, { "title": "Assets Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "language" ] }, { "title": "Assets UID String Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "title": "Assets Date Fields", "type": "string", "enum": [ "installation_date", "created_at" ] }, { "title": "Assets Number Fields", "type": "string", "enum": [ "cves_score", "cves_count", "product_signature", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Asset aggregation fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", 
"normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical" ] } }, "sort_field": { "type": "string", "title": "Asset sort fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "name_multi_search", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "installation_date", "created_at", "object_guid", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "supports_update", "update_available" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Asset Groupby Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "account_name", "host_name", "fully_qualified_host_name", "alias", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "object_guid", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "latest_version_available", "cves", "cves_by_status.unknown", "cves_by_status.low", "cves_by_status.medium", "cves_by_status.high", "cves_by_status.critical", "cves_score", "cves_count", "cves_count_by_status.unknown", "cves_count_by_status.low", "cves_count_by_status.medium", "cves_count_by_status.high", "cves_count_by_status.critical", "language", "architecture", "product_signature", "created_at" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Assets Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", 
"title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.assets.software.group" } }, "/nebula/v1/grid/cve/export": { "post": { "description": "Export CVEs per account", "summary": "Export CVEs", "simple_schema": "cve-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "CVE Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "CVE select fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "description", "cvss20_score", "cvss30_score", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "CVE Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", 
"display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { 
"field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "type": "string", "title": "CVE Date Fields", "enum": [ "installation_date", "created_at", "published_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ 
{ "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] }, { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] }, { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "product", "value": "Example Product", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "CVE aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", 
"host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "sort_field": { "type": "string", "title": "CVE sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "supports_update" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.cve" } }, "/nebula/v1/grid/cve/export/async": { "post": { "description": "Export CVEs per account", "summary": "Export CVEs asynchronously", "simple_schema": "cve-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "CVE Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "CVE select fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "description", "cvss20_score", "cvss30_score", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "CVE Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", 
"display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { 
"field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "type": "string", "title": "CVE Date Fields", "enum": [ "installation_date", "created_at", "published_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ 
{ "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] }, { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] }, { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "product", "value": "Example Product", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "CVE aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", 
"host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "sort_field": { "type": "string", "title": "CVE sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "supports_update" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.cve.async" } }, "/nebula/v1/grid/cve/search": { "post": { "description": "Search CVEs per account", "summary": "Search CVEs", "simple_schema": "cve-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "CVE Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not 
Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "type": "string", "title": "CVE Date Fields", "enum": [ "installation_date", "created_at", "published_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field 
Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] }, { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] }, { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "product", "value": "Example Product", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "CVE aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", 
"os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "sort_field": { "type": "string", "title": "CVE sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "supports_update" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search assets CVE result", "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "normalized_vendor": { "type": "string" }, "display_vendor": { "type": "string" }, "product": { "type": "string" }, "normalized_product": { "type": "string" }, "display_product": { "type": "string" }, "installed_version": { "type": "string" }, "normalized_installed_version": { "type": "string" }, "display_installed_version": { "type": "string" }, "installation_date": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { "type": "string" }, "alias": { "type": "string" }, "created_at": { "type": "string" }, "os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, "os_release_name": { "type": "string" } } }, "cve_id": { "type": "string" }, "cisa_exploitable": { "type": "boolean" }, "known_ransomware_campaign_use": { "type": "boolean" }, "severity": { "type": "string" }, "severity_score": { "type": "number" }, "published_at": { "type": "string" }, "cvss30_score": { "type": "number" }, "cvss20_score": { "type": "number" }, "description": { "type": "string" } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.cve" } }, "/nebula/v1/grid/cve/search-groupby": { "post": { "description": "Search grouped CVEs per account", "summary": "Search grouped CVEs", "simple_schema": "cve-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "CVE Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "CVE Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", 
"normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", 
"oneOf": [ { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "type": "string", "title": "CVE Date Fields", "enum": [ "installation_date", "created_at", "published_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, 
{ "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "CVE Simple String Fields", "enum": [ "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "cve_id", "document_id", "language" ] }, { "type": "string", "title": "CVE Enum String Fields", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture", "severity", "architecture" ] }, { "type": "string", "title": "CVE UID String Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid" ] }, { "type": "string", "title": "CVE Version Fields", "enum": [ "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_version", "latest_version_available" ] }, { "type": "string", "title": "CVE Number String Fields", "enum": [ "severity_score", "cvss20_score", "cvss30_score", "product_signature" ] }, { "type": "string", "title": "CVE Boolean Fields", "enum": [ "cisa_exploitable", "known_ransomware_campaign_use", "supports_update" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "product", "value": "Example Product", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "CVE aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "endpoints", "object_guid", "host_name", 
"fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "severity_score", "cisa_exploitable", "known_ransomware_campaign_use", "cvss20_score", "cvss30_score" ] } }, "sort_field": { "type": "string", "title": "CVE sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "group_id", "root_group_id", "machine_id", "object_guid", "host_name", "fully_qualified_host_name", "alias", "sort_name", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "severity", "installation_date", "created_at", "published_at", "cisa_exploitable", "known_ransomware_campaign_use", "severity_score", "cvss20_score", "cvss30_score", "supports_update" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "CVE Groupby Fields", "enum": [ "account_id", "parent_account_id", "group_id", "root_group_id", "machine_id", "vendor", "normalized_vendor", "display_vendor", "product", "normalized_product", "display_product", "installed_version", "normalized_installed_version", "display_installed_version", "installation_date", "host_name", "fully_qualified_host_name", "alias", "created_at", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "cve_id", "cisa_exploitable", "known_ransomware_campaign_use", "severity", "severity_score", "published_at", "cvss20_score", "cvss30_score" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post CVE Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.cve.group" } }, "/nebula/v1/grid/detections/export": { "post": { "description": "Export detections per account", "summary": "Export detections", "simple_schema": "detection-export-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Detection Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "field": { "type": "string", "title": "Detection select fields", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "scan_result.device.disk_model", "action_taken", "agent.online" ] } } } } }, "groups": { "items": { "title": "List of queries to fetch detections", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Detection Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not 
Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", 
"agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", 
"value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", 
"agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": 
"Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", 
"device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", 
"enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Number Fields", "type": "string", "enum": [ "rid_details.port", "rid_details.attempts", "rid_details.duration" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ 
"operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Detection aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, 
"sort_field": { "type": "string", "title": "Detection sort fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "group_name", "account_id", "account_name", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "sha256", "affected_application", "process_name", "machine_name", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "agent.object_guid", "agent.last_user", "agent.engine_version", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.nics.ips", "scan_result.device.disk_model" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. 
If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "type": "object", "required": [ "account_ids" ], "properties": { "account_ids": { "type": "array", "title": "The account ids to filter your search", "minItems": 1, "items": { "type": "string", "title": "Account id items (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.detections" } }, "/nebula/v1/grid/detections/export/async": { "post": { "description": "Export detections per account", "summary": "Export detections asynchronously", "simple_schema": "detection-export-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Detection Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "field": { "type": "string", "title": "Detection select fields", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", 
"agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "scan_result.device.disk_model", "action_taken", "agent.online" ] } } } } }, "groups": { "items": { "title": "List of queries to fetch detections", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Detection Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", 
"agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": 
{ "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", 
"agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, 
{ "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", 
"agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ 
"agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Number Fields", "type": "string", "enum": [ "rid_details.port", "rid_details.attempts", "rid_details.duration" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Detection aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", 
"agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, "sort_field": { "type": "string", "title": "Detection sort fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "group_name", "account_id", "account_name", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "sha256", "affected_application", "process_name", "machine_name", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "agent.object_guid", "agent.last_user", "agent.engine_version", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.nics.ips", "scan_result.device.disk_model" ] }, "start_date": { "type": "string", 
"title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "type": "object", "required": [ "account_ids" ], "properties": { "account_ids": { "type": "array", "title": "The account ids to filter your search", "minItems": 1, "items": { "type": "string", "title": "Account id items (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.detections.async" } }, "/nebula/v1/grid/detections/search": { "post": { "description": "Search detections per account", "summary": "Search detections", "simple_schema": "detection-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Detection Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", 
"device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", 
"agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", 
"type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { 
"type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": 
"string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", 
"agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", 
"agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Number Fields", "type": "string", "enum": [ "rid_details.port", "rid_details.attempts", "rid_details.duration" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Detection aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", 
"type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, "sort_field": { "type": "string", "title": "Detection sort fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "group_name", "account_id", "account_name", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "sha256", "affected_application", "process_name", "machine_name", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "agent.object_guid", "agent.last_user", "agent.engine_version", "agent.os_info.os_type", "agent.os_info.os_version", 
"agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.nics.ips", "scan_result.device.disk_model" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search detections result", "properties": { "detections": { "type": "array", "title": "Detections", "items": { "type": "object", "title": "Detection items", "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID" }, "type": { "type": "array", "title": "Type", "items": { "type": "string", "title": "Type items" } }, "status": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "group_id": { "type": "string", "title": "Group ID" }, "group": { "type": "object", "title": "The Group Schema", "additionalProperties": true }, "is_root_detection": { "type": "boolean", "title": "Is root detection" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "detection_id": { "type": "string", "title": "Detection ID" }, "scanned_at": { "type": "string", "title": "Scanned at" }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Reported at" }, "threat_name": { "type": "string", "title": "Threat name" }, "category": { "type": "string", "title": "Category" }, "action_taken": { "type": "string", "title": "Action taken" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is rtp stream event" }, "process_name": { "type": "string", "title": "Process name" }, "cleaned_at": { "type": "string", "title": "Cleaned at" }, "machine_name": { "type": "string", "title": "Endpoint name" }, "trace_id": { "type": "string", "title": "Trace ID" }, "scan_id": { "type": "string", "title": "Scan ID" }, "affected_application": { "type": "string", "title": "Affected application" }, "last_user": { "type": "string", "title": "Last user" }, 
"md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "machine_ip": { "type": "string", "title": "Machine IP address" }, "child_trace_count": { "type": "integer", "title": "Child trace count" }, "agent": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ 
"2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, 
"os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", 
"default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", 
"examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, { "title": "Agent information. 
Included if the request includes populate 'endpoint'" } ] }, "machine_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", 
"title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Machine location. Included if the request includes populate 'endpoint'" } ] }, "source_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": 
"number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Source location for RID category" } ] }, "destination_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "US" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], 
"properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Destination location for RID category" } ] }, "account": { "type": "object", "properties": { "parent": { "title": "Parent account ID", "type": "string" }, "name": { "title": "Account name", "type": "string" }, "deleted": { "title": "Account deleted", "type": "boolean" }, "options": { "type": "object", "properties": { "msp": { "type": "object", "properties": { "name": { "type": "string" } } } } } } }, "rid_details": { "type": "object", "title": "Remote intrusion detection details", "properties": { "rule_id": { "type": "string" }, "ip": { "type": "string" }, "attack_user": { "type": "string" }, "protocol": { "type": "string" }, "port": { "type": "integer" }, "attempts": { "type": "integer" }, "duration": { "type": "integer" }, "create_time": { "type": "string" }, "expire_time": { "type": "string" }, "deleted": { "type": "boolean" }, "document_id": { "type": "string" }, "version": { "type": "integer" } } }, "device_control": { "type": "object", "title": "Device control object schema", "properties": { "timestamp": { "type": "string", "description": "Timestamp of the detection" }, "physical_disk_name": { "type": "string", "description": "Physical disk name" }, "device_id": { "type": "string", "description": "Device ID" }, "disk_interface": { "type": "string", "description": "Disk interface" }, "manufacturer": { "type": "string", "description": "Manufacturer" 
}, "serial_number": { "type": "string", "description": "Serial number" }, "drive_compressed": { "type": "boolean", "description": "Boolean field to indicate if drive is compressed" }, "file_system": { "type": "string", "description": "File system" }, "volume_name": { "type": "string", "description": "Volume name" }, "volume_serial": { "type": "string", "description": "Volume serial number" }, "volume_device_path": { "type": "string", "description": "Volume device path" }, "block_status": { "type": "string", "description": "Block status" }, "drive_metadata": { "type": "object", "description": "Drive metadata", "additionalProperties": true }, "pnp_device_id": { "type": "string", "description": "PNP device ID" }, "scanned_at": { "type": "string", "description": "Scanned at" } } }, "scan_result": { "title": "Scan Result. Included if the request includes populate 'scan_result'", "type": "object", "properties": { "scan_id": { "type": "string" }, "account_id": { "type": "string" }, "machine_id": { "type": "string" }, "reported_at": { "type": "string" }, "scan_type": { "type": "string" }, "started_at": { "type": "string" }, "started_at_offset_seconds": { "type": "integer" }, "duration": { "allOf": [ { "bignumber": true }, { "type": "number" } ] }, "found_count": { "type": "integer" }, "quarantined_count": { "type": "integer" }, "deleted_count": { "type": "integer" }, "device": { "type": "object", "title": "Device control object schema", "properties": { "timestamp": { "type": "string", "description": "Timestamp of the detection" }, "physical_disk_name": { "type": "string", "description": "Physical disk name" }, "device_id": { "type": "string", "description": "Device ID" }, "disk_interface": { "type": "string", "description": "Disk interface" }, "manufacturer": { "type": "string", "description": "Manufacturer" }, "serial_number": { "type": "string", "description": "Serial number" }, "drive_compressed": { "type": "boolean", "description": "Boolean field to indicate if drive is compressed" }, "file_system": { "type": "string", "description": "File system" }, "volume_name": { "type": "string", "description": "Volume name" }, "volume_serial": { "type": "string", "description": "Volume serial number" }, "volume_device_path": { "type": "string", "description": "Volume device path" }, "block_status": { "type": "string", "description": "Block status" }, "drive_metadata": { "type": "object", "description": "Drive metadata", "additionalProperties": true }, "pnp_device_id": { "type": "string", "description": "PNP device ID" }, "scanned_at": { "type": "string", "description": "Scanned at" } } }, "metadata": { "properties": { "application_version": { "type": "string" }, "components_update_package_version": { "type": "string" }, "cpu": { "type": "string" }, "db_sdk_update_package_version": { "type": "string" }, "detection_date_time": { "type": "string" }, "file_system": { "type": "string" }, "files_detected": { "type": "integer" }, "folders_detected": { "type": "integer" }, "id": { "type": "string" }, "license_state": { "type": "string" }, "logged_on_user_name": { "type": "string" }, "modules_detected": { "type": "integer" }, "os": { "type": "string" }, "processes_detected": { "type": "integer" }, "registry_data_detected": { "type": "integer" }, "registry_keys_detected": { "type": "integer" }, "registry_values_detected": { "type": "integer" }, "schema_version": { "type": "integer" }, "source_details": { "properties": { "objects_scanned": { "type": "integer" }, "scan_duration_secs": { "type": "integer" }, "scan_options": { "properties": { "pum_handling": { "type": "string" }, "pup_handling": { "type": "string" }, "scan_archives": { "type": "boolean" }, "scan_file_system": { "type": "boolean" }, "scan_memory_objects": { "type": "boolean" }, "scan_pums": { "type": "boolean" }, "scan_pups": { "type": "boolean" }, "scan_rootkits": { "type": "boolean" }, "scan_startup_and_registry": { "type": "boolean" }, "scan_type": { "type": "string" }, "use_heuristics": 
{ "type": "boolean" } } }, "scan_result": { "type": "string" }, "type": { "type": "string" } } }, "user_admin": { "type": "boolean" } } }, "schedule_id": { "type": "string" }, "schedule_etag": { "type": "string" }, "job_id": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.detections" } }, "/nebula/v1/grid/detections/search-groupby": { "post": { "description": "Search grouped detections per account", "summary": "Search grouped detections", "simple_schema": "detection-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Detection Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Detection Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", 
"agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", 
"agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", 
"agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, 
{ "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", 
"agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ 
"agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Number Fields", "type": "string", "enum": [ "rid_details.port", "rid_details.attempts", "rid_details.duration" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Detection aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", 
"agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "scan_result.device.disk_model", "category_by_status" ] } }, "sort_field": { "type": "string", "title": "Detection sort fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "group_name", "account_id", "account_name", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "sha256", "affected_application", "process_name", "machine_name", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "agent.object_guid", "agent.last_user", "agent.engine_version", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.nics.ips", "scan_result.device.disk_model" ] }, "start_date": { "type": "string", 
"title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Detection Groupby Fields", "enum": [ "account_id", "group_id", "group_name", "machine_id", "type", "status", "category", "affected_application", "threat_name", "process_name", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_platform", "agent.object_guid", "agent.last_user", "sha256", "md5", "scan_result.device.disk_model", "action_taken" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Detections Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.detections.group" } }, "/nebula/v1/grid/device-control/export": { "post": { "description": "Export device control events per account", "summary": "Export device control events", "simple_schema": "device-control-export-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Device Control Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "field": { "type": "string", "title": "Device control select fields", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", 
"agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.timestamp", "device_control.drive_compressed", "action_taken", "agent.online" ] } } } } }, "groups": { "items": { "title": "List of queries to fetch device control events", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Device Control Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", 
"category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", 
"agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", 
"device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", 
"device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", 
"process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", 
"agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { 
"type": "string", "title": "Device Control aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", 
"device_control.timestamp" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "type": "object", "required": [ "account_ids" ], "properties": { "account_ids": { "type": "array", "title": "The account ids to filter your search", "minItems": 1, "items": { "type": "string", "title": "Account id items (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.device_control" } }, "/nebula/v1/grid/device-control/export/async": { "post": { "description": "Export device control events per account asynchronously", "summary": "Export device control events asynchronously", "simple_schema": "device-control-export-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Device Control Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file format", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "The name to give the selected field in the output" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Device control select fields", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group.name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", 
"device_control.timestamp", "device_control.drive_compressed", "action_taken", "agent.online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch device control events", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Device Control Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", 
"agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", 
"device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", 
"agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", 
"agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", 
"process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", 
"agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { 
"type": "string", "title": "Device Control aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", 
"device_control.timestamp" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "type": "object", "required": [ "account_ids" ], "properties": { "account_ids": { "type": "array", "title": "The account ids to filter your search", "minItems": 1, "items": { "type": "string", "title": "Account id items (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.device_control.async" } }, "/nebula/v1/grid/device-control/search": { "post": { "description": "Search device control events per account", "summary": "Search device control events", "simple_schema": "device-control-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Device Control Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", 
"agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ 
"device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", 
"agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", 
"agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", 
"process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", 
"agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { 
"type": "string", "title": "Device Control aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", 
"device_control.timestamp" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search detections result", "properties": { "detections": { "type": "array", "title": "Detections", "items": { "type": "object", "title": "Detection items", "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID" }, "status": { "type": "string", "title": "Status" }, "path": { "type": "string", "title": "Path" }, "group_id": { "type": "string", "title": "Group ID" }, "is_root_detection": { "type": "boolean", "title": "Is root detection" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "detection_id": { "type": "string", "title": "Detection ID" }, "scanned_at": { "type": "string", "title": "Scanned at" }, "scanned_at_offset_seconds": { "type": "integer", "title": "Scanned at offset seconds" }, "reported_at": { "type": "string", "title": "Reported at" }, "threat_name": { "type": "string", "title": "Threat name" }, "category": { "type": "string", "title": "Category" }, "is_rtp_stream_event": { "type": "boolean", "title": "Is rtp stream event" }, "process_name": { "type": "string", "title": "Process name" }, "cleaned_at": { "type": "string", "title": "Cleaned at" }, "machine_name": { "type": "string", "title": "Endpoint name" }, "trace_id": { "type": "string", "title": "Trace ID" }, "scan_id": { "type": "string", "title": "Scan ID" }, "affected_application": { "type": "string", "title": "Affected application" }, "last_user": { "type": "string", "title": "Last user" }, "md5": { "type": "string", "title": "MD5" }, "sha256": { "type": "string", "title": "SHA256" }, "machine_ip": { "type": "string", "title": "Machine IP address" }, "child_trace_count": { "type": "integer", "title": "Child trace count" }, "action_taken": { 
"type": "string", "title": "Action taken" }, "agent": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, 
"started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture 
schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", 
"component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, 
"reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, { "title": "Agent information. 
Included if the request includes populate 'endpoint'" } ] }, "machine_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", 
"title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Machine location. Included if the request includes populate 'endpoint'" } ] }, "source_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": 
"number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Source location for RID category" } ] }, "destination_location": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], 
"properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, { "title": "Destination location for RID category" } ] }, "account": { "parent": { "title": "Parent account ID", "type": "string" }, "name": { "title": "Account name", "type": "string" }, "deleted": { "title": "Account deleted", "type": "boolean" } }, "group": { "type": "object", "title": "The Group Schema", "additionalProperties": true }, "device_control": { "title": "Device Control. 
Included if the detection is a device control event.", "type": "object", "properties": { "timestamp": { "type": "string" }, "physical_disk_name": { "type": "string" }, "device_id": { "type": "string" }, "disk_interface": { "type": "string" }, "manufacturer": { "type": "string" }, "serial_number": { "type": "string" }, "drive_compressed": { "type": "boolean" }, "file_system": { "type": "string" }, "volume_name": { "type": "string" }, "volume_serial": { "type": "string" }, "volume_device_path": { "type": "string" }, "block_status": { "type": "string" }, "drive_metadata": { "type": "object", "additionalProperties": true }, "path": { "type": "string" }, "type": { "type": "array" }, "status": { "type": "string" }, "exclusion_id": { "type": "string" }, "access": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.device_control" } }, "/nebula/v1/grid/device-control/search-groupby": { "post": { "description": "Search grouped device control events per account", "summary": "Search grouped device control events", "simple_schema": "device-control-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Device Control Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Device Control Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", 
"agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", 
"agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", "process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "title": "Agent 
Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", 
"not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Detection UID String Fields", "enum": [ "trace_id", "scan_id", "group_id", "account_id", "detection_id", "parent_detection_id", "id", "machine_id", "schedule_id", "job_id" ] }, { "title": "Detection Simple String Fields", "type": "string", "enum": [ "correlation_hash", "threat_name", "machine_name", "group_name", "path", "md5", "sha256", "affected_application", 
"process_name", "schedule_etag", "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "scan_result.device.disk_model" ] }, { "type": "string", "title": "Detection Enum String Fields", "enum": [ "status", "type", "category", "scan_result.scan_type", "action_taken" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", 
"agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "type": "string", "title": "Detection Date Fields", "enum": [ "scanned_at", "reported_at", "cleaned_at" ] }, { "type": "string", "title": "Detection Boolean Fields", "enum": [ "is_root_detection", "is_rtp_stream_event" ] }, { "type": "string", "title": "Device Control UID String Fields", "enum": [ "device_control.pnp_device_id", "device_control.device_id" ] }, { "title": "Device Control Simple String Fields", "type": "string", "enum": [ "device_control.physical_disk_name", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.access" ] }, { "type": "string", "title": "Device Control Date Fields", "enum": [ "device_control.timestamp" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "trace_id", "value": "ccb84b33-2d8e-4dcb-94a0-922fc669ce4a", "operator": "equals" } ] ] }, "aggregations": { "items": { 
"type": "string", "title": "Device Control aggregation fields", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name", "type", "path", "category", "md5", "affected_application", "process_name", "machine_name", "daily_detections_by_category", "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_response.plugin_version", "agent.plugins.endpoint_detection_response.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.siem.reboot_reason", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", 
"device_control.timestamp" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "sha256", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "scanned_at", "reported_at", "cleaned_at", "is_root_detection", "is_rtp_stream_event", "object_guid", "device_control.physical_disk_name", "device_control.pnp_device_id", "device_control.device_id", "device_control.disk_interface", "device_control.manufacturer", "device_control.serial_number", "device_control.file_system", "device_control.volume_name", "device_control.volume_serial", "device_control.volume_device_path", "device_control.block_status", "device_control.drive_compressed", "device_control.timestamp" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Device Control Groupby Fields", "enum": [ "account_id", "group_id", "machine_id", "type", "status", "category", "affected_application", "threat_name", "process_name", "action_taken", "os_info.os_type", "os_info.os_platform", "object_guid", "device_control.serial_number", "device_control.physical_disk_name", "device_control.manufacturer", "device_control.volume_serial", "device_control.volume_name" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Device Control Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.device_control.group" } }, "/nebula/v1/grid/dns/export": { "post": { "description": "Export DNS activity per account", "summary": "Export DNS activity", "simple_schema": "dns-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "DNS Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "DNS select fields", "enum": [ "rule_id", "rule_name", "resolved_ips", "machine_id", "group_id", "group_name", "account_name", "machine_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", 
"agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "DNS Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "DNS Enum String Fields", "type": "string", "enum": [ "log.resolver_decision", "action" ] }, { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", 
"agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", 
"agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", 
"agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Number Fields", "type": "string", "enum": [ "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ 
"gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS Date Fields", "type": "string", "enum": [ "timestamp", "log.datetime" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS IP Fields", "type": "string", "enum": [ "log.dst_ip", "log.src_ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "DNS aggregation fields", "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", 
"log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "sort_field": { "type": "string", "title": "DNS sort fields", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", 
"agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.dns" } },
"/nebula/v1/grid/dns/export/async": { "post": { "description": "Export DNS activity per account", "summary": "Export DNS activity asynchronously", "simple_schema": "dns-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "DNS Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" },
"select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "DNS select fields", "enum": [ "rule_id", "rule_name", "resolved_ips", "machine_id", "group_id", "group_name", "account_name", "machine_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone",
"agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "DNS Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "DNS Enum String Fields", "type": "string", "enum": [ "log.resolver_decision", "action" ] }, { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", 
"agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { 
"title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ 
"contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Number Fields", "type": "string", "enum": [ "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS Date Fields", "type": "string", "enum": [ "timestamp", "log.datetime" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, 
"properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS IP Fields", "type": "string", "enum": [ "log.dst_ip", "log.src_ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "DNS aggregation fields", "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", 
"machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "sort_field": { "type": "string", "title": "DNS sort fields", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } }, { "type": "object", "title": "Base Search Schema",
"properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.dns.async" } },
"/nebula/v1/grid/dns/search": { "post": { "description": "Search DNS activity per account", "summary": "Search DNS activity", "simple_schema": "dns-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "DNS Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "DNS Enum String Fields", "type": "string", "enum": [ "log.resolver_decision", "action" ] }, { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version",
"agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { 
"title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ 
"contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Number Fields", "type": "string", "enum": [ "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS Date Fields", "type": "string", "enum": [ "timestamp", "log.datetime" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, 
"properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS IP Fields", "type": "string", "enum": [ "log.dst_ip", "log.src_ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "DNS aggregation fields", "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", 
"machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "sort_field": { "type": "string", "title": "DNS sort fields", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } }, { "type": "object", "title": "Base Search 
Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "Aggregation field name" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Field to sort results by", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "Matching DNS log records, with aggregations when requested", "content": { "application/json": { "schema": { "type": "object", "title": "Search DNS Logs result", "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "string" }, "@timestamp": { "type": "string" }, "machine_id": { "type": "string" }, "group_id": { "type": "string" }, "group_name": { "type": "string" }, "account_id": { "type": "string" }, "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "parent_account_id": { "type": "string" }, "action": { "type": "string" }, "log": { "properties": { "colo_id": { "type": "number" }, "datetime": { "type": "string" }, "device_id": { "type": "string" }, "dst_ip": { "type": "string" }, "dst_port": { "type": "integer" }, "email": { "type": "string" }, "location": { "type": "string" }, "policy": { "type": "string" }, "policy_id": { "type": "string" }, "protocol": { "type": "string" }, "query_category_ids": { "type": "array" }, "query_name": { "type": "string" }, "query_name_reversed": { "type": "string" }, "query_size": { "type": "number" }, "query_type": { "type": "integer" }, 
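The request schema above encodes several rules that are easy to get wrong by hand: UID fields (machine_id, rule_id, ...) only accept equals/not_equals with UUID values, contains/not_contains is limited to the free-text fields, a number or date constraint is either a range (gt/gte/lt/lte or start/end) or an exact equals but never both, IP fields take only the ip operator, and results are paged with next_cursor while the API answers 429 when the quota is exceeded. The following Python is an added example, not ThreatDown's code: it validates DNS-log constraints against those rules, assembles a search body for POST /nebula/v1/grid/dns/search (the same constraint grammar applies to search-groupby), and pages through results with backoff on 429. The field sets are copied from the schema (DNS-prefixed fields only); the `send` callable is an assumed stand-in for your HTTP client and returns (status_code, parsed_json).

```python
"""Added example (not ThreatDown's code): validate, build and page a DNS-log
search for POST /nebula/v1/grid/dns/search. `send` is an assumed stand-in for
an HTTP client: it takes the JSON body and returns (status_code, parsed_json)."""
import ipaddress
import time
import uuid
from datetime import datetime

# Field groups copied from the DNS search schema (DNS-prefixed fields only).
UID_FIELDS = {"id", "machine_id", "rule_id", "group_id", "policy_id",
              "account_id", "parent_account_id", "log.policy_id", "log.user_id"}
ENUM_FIELDS = {"action"}                      # equals / not_equals only
TEXT_FIELDS = {"rule_name", "group_name", "policy_name", "log.policy", "log.protocol",
               "log.query_name", "log.query_name_reversed", "log.resolver_decision"}
NUMBER_FIELDS = {"log.colo_id", "log.dst_port", "log.query_category_ids",
                 "log.query_size", "log.query_type", "log.src_port"}
DATE_FIELDS = {"timestamp", "log.datetime"}
IP_FIELDS = {"log.dst_ip", "log.src_ip"}
RANGE_KEYS = {"gt", "gte", "lt", "lte"}


def _values(c):
    v = c.get("value")                        # value may be a scalar or a list
    return v if isinstance(v, list) else [v]


def validate_constraint(c):
    """Raise ValueError if `c` breaks the rules the schema encodes."""
    field, op = c.get("field"), c.get("operator")
    if field in UID_FIELDS | ENUM_FIELDS | TEXT_FIELDS:
        allowed = {"equals", "not_equals"}
        if field in TEXT_FIELDS:              # contains/not_contains: free-text fields only
            allowed |= {"contains", "not_contains"}
        if op not in allowed or "value" not in c:
            raise ValueError(f"{field}: needs operator in {sorted(allowed)} and a value")
        if field in UID_FIELDS:               # the schema's if/then: UID values must be uuids
            for v in _values(c):
                uuid.UUID(str(v))
    elif field in NUMBER_FIELDS or field in DATE_FIELDS:
        range_keys = RANGE_KEYS if field in NUMBER_FIELDS else {"start", "end"}
        used = range_keys & set(c)
        if used and ("operator" in c or "value" in c):
            raise ValueError(f"{field}: a range and operator/value are mutually exclusive")
        if not used and (op != "equals" or "value" not in c):
            raise ValueError(f"{field}: give a range or operator 'equals' with a value")
        if field in DATE_FIELDS:              # dates must be RFC 3339 date-time strings
            for d in [c[k] for k in used] or _values(c):
                datetime.fromisoformat(str(d).replace("Z", "+00:00"))
    elif field in IP_FIELDS:
        if op != "ip" or "value" not in c:
            raise ValueError(f"{field}: only operator 'ip' is allowed")
        for v in _values(c):
            ipaddress.ip_address(v)           # rejects hostnames and malformed addresses
    else:
        raise ValueError(f"unknown DNS field {field!r}")


def build_search_body(constraints, page_size=500, aggregations=(), sort_field="timestamp",
                      sort_order="desc", next_cursor=None):
    """Assemble a request body; page_size 0 is the schema's aggregate-only mode."""
    if not 0 <= page_size <= 2000:
        raise ValueError("page_size must be between 0 and 2000")
    for c in constraints:
        validate_constraint(c)
    body = {"constraints": list(constraints), "page_size": page_size,
            "aggregations": list(aggregations), "sort_field": sort_field,
            "sort_order": sort_order}
    if next_cursor:
        body["next_cursor"] = next_cursor
    return body


def search_all(send, body, max_retries=5, sleep=time.sleep):
    """Follow next_cursor until exhausted; back off on 429 as the Rate Limiting section advises."""
    results, cursor, retries = [], None, 0
    while True:
        status, page = send(dict(body, **({"next_cursor": cursor} if cursor else {})))
        if status == 429:                     # quota exceeded: exponential backoff, then retry
            retries += 1
            if retries > max_retries:
                raise RuntimeError("rate limited too many times")
            sleep(2 ** retries)
            continue
        if status != 200:
            raise RuntimeError(f"search failed with HTTP {status}")
        retries = 0
        results.extend(page["results"])
        cursor = page.get("next_cursor")
        if not cursor or not page["results"]:
            return results


if __name__ == "__main__":                    # constructed sample request
    print(build_search_body([
        {"field": "rule_name", "operator": "equals", "value": "Test Rule"},
        {"field": "log.dst_port", "gte": 53, "lte": 53},
        {"field": "timestamp", "start": "2024-01-01T00:00:00Z", "end": "2024-01-02T00:00:00Z"},
        {"field": "log.src_ip", "operator": "ip", "value": "10.0.0.5"},
    ], page_size=100, aggregations=["log.query_name"]))
```

Wire `send` to your HTTP client so that it posts the body with the authorization and accountid headers from the parameters above and returns the status code and decoded JSON; keep page_size at or below 2000 and prefer aggregations with page_size 0 when you only need counts, since every page costs one request against the 360-per-minute quota.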
"resolver_decision": { "type": "string" }, "src_ip": { "type": "string" }, "src_port": { "type": "integer" }, "user_id": { "type": "string" } } }, "rule_id": { "type": "string", "description": "Content filtering rule id" }, "rule_name": { "type": "string", "description": "Content filtering rule name" } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of matching DNS log records" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.dns" } }, "/nebula/v1/grid/dns/search-groupby": { "post": { "description": "Search grouped DNS activity per account", "summary": "Search grouped DNS activity", "simple_schema": "dns-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "DNS Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "Number of grouped results per page (50 to 2000)", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "DNS Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "DNS Enum String Fields", "type": "string", "enum": [ "log.resolver_decision", "action" ] }, { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", 
"agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": 
{ "properties": { "field": { "title": "DNS UID String Fields", "type": "string", "enum": [ "id", "machine_id", "rule_id", "group_id", "policy_id", "account_id", "parent_account_id", "log.policy_id", "log.user_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Simple String Fields", "type": "string", "enum": [ "rule_name", "group_name", "policy_name", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", 
"agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "DNS Number Fields", "type": "string", "enum": [ "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { 
"oneOf": [ { "title": "DNS Date Fields", "type": "string", "enum": [ "timestamp", "log.datetime" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "DNS IP Fields", "type": "string", "enum": [ "log.dst_ip", "log.src_ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "DNS aggregation fields", "enum": [ "machine_id", "group_id", "rule_id", "rule_name", "resolved_ips", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", 
"agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "daily_logs" ] } }, "sort_field": { "type": "string", "title": "DNS sort fields", "enum": [ "machine_id", "group_id", "group_name", "rule_id", "rule_name", "resolved_ips", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", 
"agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "Aggregation field name" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Field to sort results by", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "DNS Groupby Fields", "enum": [ "rule_id", "rule_name", "machine_id", "group_id", "group_name", "policy_id", "policy_name", "account_id", "parent_account_id", "action", "log.policy_id", "log.policy", "log.protocol", "log.query_name", "log.query_name_reversed", "log.resolver_decision", "log.user_id", "log.colo_id", "log.dst_port", "log.query_category_ids", "log.query_size", "log.query_type", "log.src_port", "log.dst_ip", "log.src_ip", "timestamp", "log.datetime", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "machine.tags.alias", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number" ] } } } } ] } } } }, "responses": { "200": { "description": "Grouped DNS activity", "content": { "application/json": { "schema": { "type": "object", "title": "DNS Logs Search GroupBy response", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "Grouped results, one entry per distinct combination of the group_by fields", "default": [] }, "next_cursor": { "type": "string", "title": 
"The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.dns.group" } }, "/nebula/v1/grid/endpoints/export/async": { "post": { "description": "Export endpoints per account. Requires an application with the write scope, unlike the read-only search operations.", "summary": "Export endpoints asynchronously", "simple_schema": "endpoint-export-grid-simple", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Endpoint export request", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "Output file format", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only browser-like clients honour this" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response, and the column name to give each one", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "Column name for this field in the exported file" }, "field": { "type": "string", "title": "The endpoint field to export (renamed to newField in the output)" } } } }, "groups": { "type": "array", "title": "List of queries selecting the endpoints to export", "items": { "type": "object" } } } }, { "required": [ "endpoints" ], "properties": { "endpoints": { "type": "array", "title": "Endpoint IDs", "items": { "type": "object", "title": "Explicit list of endpoints", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "ID of the endpoint", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "select": { "items": { "properties": { "field": { "type": "string", "title": "Endpoint select fields", "enum": [ "machine.is_deleted", "machine.scan_age_days", "machine.root_group_id", "machine.last_day_seen", "machine.isolated", "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "machine.last_scanned_at", "machine.group_name", "machine.policy_id", "machine.policy_name", "machine.tags", "machine.group_id", "machine.id", "machine.account_id", "machine.online", "machine.created_at", "machine.job.status", "machine.account.name", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", 
"machine.tags.alias", "agent.is_software_update_available", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.available_software_updates.sdk_version.new", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "protection_status", "stats.assets.vulnerabilities_found", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "stats.app_block_count", "connected", "agent.plugins.browser_phishing_protection.plugin_version" ] } } } }, "groups": { "items": { "title": "List of queries to fetch endpoints", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Endpoint Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", 
"agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": 
[ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": 
"Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { 
"type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "title": "Machine Date Fields", "type": "string", "enum": [ "machine.deleted_at", "machine.last_day_seen", "machine.last_scanned_at", "machine.created_at", "stats.assets.last_scanned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "MWB Version Constraints (gt, gte, lt, lte, equals)", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent MWB Version fields", "type": "string", "enum": [ "agent.engine_version" ] } ] }, "operator": { "type": "string", "enum": [ "mwb_version" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Version Range", "not": { "anyOf": [ { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "string", "title": "Greater than" }, "lt": 
{ "type": "string", "title": "Less than" }, "gte": { "type": "string", "title": "Greater than or equals" }, "lte": { "type": "string", "title": "Less than or equals" } } }, { "title": "Specify Exact Version", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "value" ], "properties": { "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", 
"agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] }, { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "host_name", "value": "DESKTOP-PHASHA", "operator": "equals" } ] ] }, "aggregations": {}, "sort_field": { "type": "string", "title": "Endpoint sort fields", "enum": [ "agent.at", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", 
"agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reason", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.account.name", "machine.group_id", "machine.root_group_id", "machine.group_name", "machine.policy_name", "machine.policy_id", "machine.deleted_at", "machine.created_at", "machine.marked_for_deletion", "machine.is_deleted", "machine.last_day_seen", "machine.last_scanned_at", "agent.last_user", "machine.tags.alias", "display_name", "name_multi_search", "agent.machine_ip", "agent.serial_number", "agent.object_guid", "stats.assets.vulnerabilities_found.critical", "stats.assets.vulnerabilities_found.high", "stats.assets.vulnerabilities_found.medium", "stats.assets.vulnerabilities_found.low", "stats.assets.vulnerabilities_found.none", "stats.assets.vulnerabilities_found.total", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "connected" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, 
"page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.endpoints.async" } }, "/nebula/v1/grid/endpoints/export": { "post": { "description": "Export endpoints per account", "summary": "Export endpoints", "simple_schema": "endpoint-export-grid-simple", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Endpoint export request", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "required": [ "endpoints" ], "properties": { "endpoints": { "type": "array", "title": "Endpoints IDs", "items": { "type": "object", "title": "Explicit list of endpoints", "required": [ "id" ], "properties": { "id": { "type": "string", "title": "ID of the endpoint", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "select": { "items": { "properties": { "field": { "type": "string", "title": "Endpoint select fields", "enum": [ "machine.is_deleted", "machine.scan_age_days", "machine.root_group_id", "machine.last_day_seen", "machine.isolated", "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "machine.last_scanned_at", "machine.group_name", "machine.policy_id", "machine.policy_name", "machine.tags", "machine.group_id", "machine.id", "machine.account_id", "machine.online", "machine.created_at", "machine.job.status", "machine.account.name", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", 
"machine.tags.alias", "agent.is_software_update_available", "agent.has_alerts", "agent.machine_ip", "agent.object_guid", "agent.available_software_updates.sdk_version.new", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.country_iso", "agent.source_location.continent", "agent.source_location.time_zone", "agent.source_location.postal_code", "agent.source_location.subdivisions", "agent.source_location.anonymous_proxy", "agent.serial_number", "protection_status", "stats.assets.vulnerabilities_found", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "stats.app_block_count", "connected", "agent.plugins.browser_phishing_protection.plugin_version" ] } } } }, "groups": { "items": { "title": "List of queries to fetch endpoints", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Endpoint Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", 
"agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": 
[ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": 
"Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { 
"type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "title": "Machine Date Fields", "type": "string", "enum": [ "machine.deleted_at", "machine.last_day_seen", "machine.last_scanned_at", "machine.created_at", "stats.assets.last_scanned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "MWB Version Constraints (gt, gte, lt, lte, equals)", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent MWB Version fields", "type": "string", "enum": [ "agent.engine_version" ] } ] }, "operator": { "type": "string", "enum": [ "mwb_version" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Version Range", "not": { "anyOf": [ { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "string", "title": "Greater than" }, "lt": 
{ "type": "string", "title": "Less than" }, "gte": { "type": "string", "title": "Greater than or equals" }, "lte": { "type": "string", "title": "Less than or equals" } } }, { "title": "Specify Exact Version", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "value" ], "properties": { "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", 
"agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] }, { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "host_name", "value": "DESKTOP-PHASHA", "operator": "equals" } ] ] }, "aggregations": {}, "sort_field": { "type": "string", "title": "Endpoint sort fields", "enum": [ "agent.at", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", 
"agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reason", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.account.name", "machine.group_id", "machine.root_group_id", "machine.group_name", "machine.policy_name", "machine.policy_id", "machine.deleted_at", "machine.created_at", "machine.marked_for_deletion", "machine.is_deleted", "machine.last_day_seen", "machine.last_scanned_at", "agent.last_user", "machine.tags.alias", "display_name", "name_multi_search", "agent.machine_ip", "agent.serial_number", "agent.object_guid", "stats.assets.vulnerabilities_found.critical", "stats.assets.vulnerabilities_found.high", "stats.assets.vulnerabilities_found.medium", "stats.assets.vulnerabilities_found.low", "stats.assets.vulnerabilities_found.none", "stats.assets.vulnerabilities_found.total", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "connected" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, 
"page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.endpoints" } }, "/nebula/v1/grid/endpoints/search": { "post": { "description": "Search endpoints per account", "summary": "Search endpoints", "simple_schema": "endpoint-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Endpoint Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", 
"agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", 
"agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "title": "Machine Date Fields", "type": "string", "enum": [ "machine.deleted_at", "machine.last_day_seen", "machine.last_scanned_at", "machine.created_at", "stats.assets.last_scanned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, 
{ "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "MWB Version Constraints (gt, gte, lt, lte, equals)", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent MWB Version fields", "type": "string", "enum": [ "agent.engine_version" ] } ] }, "operator": { "type": "string", "enum": [ "mwb_version" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Version Range", "not": { "anyOf": [ { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "string", "title": "Greater than" }, "lt": { "type": "string", "title": "Less than" }, "gte": { "type": "string", "title": "Greater than or equals" }, "lte": { "type": "string", "title": "Less than or equals" } } }, { "title": "Specify Exact Version", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "value" ], "properties": { "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { 
"type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", 
"machine.group_name", "machine.policy_name" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] }, { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "host_name", "value": "DESKTOP-PHASHA", "operator": "equals" } ] ] }, "aggregations": {}, "sort_field": { "type": "string", "title": "Endpoint sort fields", "enum": [ "agent.at", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", 
"agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reason", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.account.name", "machine.group_id", "machine.root_group_id", "machine.group_name", "machine.policy_name", "machine.policy_id", "machine.deleted_at", "machine.created_at", "machine.marked_for_deletion", "machine.is_deleted", "machine.last_day_seen", "machine.last_scanned_at", "agent.last_user", "machine.tags.alias", "display_name", "name_multi_search", "agent.machine_ip", "agent.serial_number", "agent.object_guid", "stats.assets.vulnerabilities_found.critical", "stats.assets.vulnerabilities_found.high", "stats.assets.vulnerabilities_found.medium", "stats.assets.vulnerabilities_found.low", "stats.assets.vulnerabilities_found.none", "stats.assets.vulnerabilities_found.total", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "connected" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search endpoints", "required": [ "endpoints", "total_count", "next_cursor" ], "properties": { "aggregations": { "type": "object", "additionalProperties": true }, "endpoints": { "type": "array", "title": "Endpoints", "items": { "type": "object", "title": "Endpoint items", "additionalProperties": true, "properties": { "link": { "type": "string", "title": "Link" }, "protection_status": { "type": "string", "title": "Protection Status" }, "display_name": { "type": "string", "title": "Display Name" }, "agent": { "type": "object", "title": "Agent", "additionalProperties": true, "properties": { "is_software_update_available": { "type": "boolean", "title": "Indicates whether the agent has an available update" }, "has_alerts": { "type": "boolean", "title": "Indicates whether the endpoint needs attention" }, "last_user": { "type": "string", "title": "The last user logging in" }, "at": { "type": "string", "title": "Reported At" }, "machine_id": { "type": "string", "title": "Endpoint ID" }, "account_id": { "type": "string", "title": "Account ID" }, "group_id": { "type": "string", "title": "Group ID" }, "nics": { "type": "array", "title": "Nics", "items": { "type": "object", "title": "Nics items", "properties": { "ips": { "type": "array", "title": "IPs", "items": { "type": "string", "title": "IP items" } }, "description": { "type": "string", "title": "Description" }, "mac_address": { "type": "string", "title": "Mac address" } } } }, "os_info": { "type": "object", "title": "Os info", "properties": { "os_type": { "type": "string", "title": "OS type" }, "os_version": { "type": "string", "title": "OS version" }, "os_platform": { "type": "string", "title": "OS platform" }, "os_architecture": { "type": "string", "title": "OS 
architecture" }, "os_release_name": { "type": "string", "title": "OS release name" } } }, "domain_name": { "type": "string", "title": "Domain name" }, "host_name": { "type": "string", "title": "Host name" }, "fully_qualified_host_name": { "type": "string", "title": "Fully qualified host name" }, "object_guid": { "type": "string", "title": "Object guid" }, "plugins": { "type": "object", "title": "Plugins", "properties": { "incident_response": { "type": "object", "title": "Incident response", "properties": { "product_name": { "type": "string", "title": "Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "update_package_version": { "type": "string", "title": "Update package version" }, "component_package_version": { "type": "string", "title": "Component package version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "endpoint_protection": { "type": "object", "title": "Endpoint protection plugin", "properties": { "sdk_version": { "type": "string", "title": "SDK version plugin" }, "product_name": { "type": "string", "title": "Name of the product" }, "plugin_version": { "type": "string", "title": "Version of the product" }, "update_package_version": { "type": "string", "title": "Update version" }, "component_package_version": { "type": "string", "title": "Component version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "asset_manager": { "type": "object", "title": "Asset manager", "properties": { "product_name": { "type": "string", "title": "Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } }, "endpoint_detection_and_response": { "type": "object", "title": "Endpoint detection and response", "properties": { "product_name": { "type": "string", "title": 
"Product name" }, "plugin_version": { "type": "string", "title": "Plugin version" }, "alerts": { "type": "object", "properties": { "codes": { "type": "array", "items": { "type": "string" } } } } } } } }, "engine_version": { "type": "string", "title": "Engine version" }, "policy_etag": { "type": "string", "title": "Policy etag" }, "version": { "type": "integer", "title": "Version" }, "document_id": { "type": "string", "title": "Document ID" }, "machine_ip": { "type": "string", "title": "Machine public IP" }, "source_location": { "type": "object", "properties": { "city": { "type": "string" }, "country": { "type": "string" }, "country_iso": { "type": "string" }, "continent": { "type": "string" }, "accuracy_radius": { "type": "integer" }, "point": { "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number" } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number" } ] } } }, "time_zone": { "type": "string" }, "postal_code": { "type": "string" }, "subdivisions": { "type": "array", "items": { "type": "string" } }, "anonymous_proxy": { "type": "boolean" } } }, "serial_number": { "type": "string", "title": "Serial number of this endpoint" } } }, "machine": { "type": "object", "title": "Endpoint", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "ID" }, "job": { "type": "object", "title": "The last job", "additionalProperties": true }, "account": { "type": "object", "title": "Account", "additionalProperties": true }, "online": { "type": "boolean", "title": "Is online" }, "account_id": { "type": "string", "title": "Account ID" }, "group_id": { "type": "string", "title": "Group ID" }, "root_group_id": { "type": "string", "title": "Root group ID" }, "group_name": { "type": "string", "title": "Group name" }, "policy_id": { "type": "string", "title": "Policy id" }, "policy_name": { "type": "string", "title": "Policy name" }, "last_day_seen": { "type": "string", "title": "Last day seen" }, "last_active": { "type": 
"string", "title": "Last time the endpoint connected to Nebula in real time" }, "isolated": { "type": "boolean", "title": "Is isolated" }, "scan_age_days": { "type": "integer", "title": "Days from last scan" }, "suspicious_activity_count": { "type": "integer", "title": "Count of suspicious activities" }, "infection_count": { "type": "integer", "title": "Count of infections found" }, "reboot_required": { "type": "integer", "title": "Is reboot required" }, "last_scanned_at": { "type": "string", "title": "Last scanned at" }, "is_deleted": { "type": "boolean", "title": "Is deleted" }, "version": { "type": "integer", "title": "Version" }, "document_id": { "type": "string", "title": "Document ID" }, "created_at": { "type": "string", "format": "date-time", "title": "Created At" } } }, "machineVersion": { "type": "integer", "title": "Machine version" } } } }, "total_count": { "type": "integer", "title": "The Total_count Schema" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "after": { "type": "string", "title": "After cursor" } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.endpoints" } }, "/nebula/v1/grid/endpoints/search-groupby": { "post": { "description": "Search grouped endpoints per account", "summary": "Search grouped endpoints", "simple_schema": "endpoint-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Endpoint Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Endpoint Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", 
"agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ 
"agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean 
Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "title": "Machine Date Fields", "type": "string", "enum": [ 
"machine.deleted_at", "machine.last_day_seen", "machine.last_scanned_at", "machine.created_at", "stats.assets.last_scanned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "MWB Version Constraints (gt, gte, lt, lte, equals)", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent MWB Version fields", "type": "string", "enum": [ "agent.engine_version" ] } ] }, "operator": { "type": "string", "enum": [ "mwb_version" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Version Range", "not": { "anyOf": [ { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "string", "title": "Greater than" }, "lt": { "type": "string", "title": "Less than" }, "gte": { "type": "string", "title": "Greater than or equals" }, "lte": { "type": "string", "title": "Less than or equals" } } }, { "title": "Specify Exact Version", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, 
"required": [ "value" ], "properties": { "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": 
"string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] }, { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "host_name", "value": "DESKTOP-PHASHA", "operator": "equals" } ] ] }, "aggregations": {}, "sort_field": { "type": "string", "title": "Endpoint sort fields", "enum": [ "agent.at", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", 
"agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reason", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.account.name", "machine.group_id", "machine.root_group_id", "machine.group_name", "machine.policy_name", "machine.policy_id", "machine.deleted_at", "machine.created_at", "machine.marked_for_deletion", "machine.is_deleted", "machine.last_day_seen", "machine.last_scanned_at", "agent.last_user", "machine.tags.alias", "display_name", "name_multi_search", "agent.machine_ip", "agent.serial_number", "agent.object_guid", "stats.assets.vulnerabilities_found.critical", "stats.assets.vulnerabilities_found.high", "stats.assets.vulnerabilities_found.medium", "stats.assets.vulnerabilities_found.low", "stats.assets.vulnerabilities_found.none", "stats.assets.vulnerabilities_found.total", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "connected" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Endpoint Groupby Fields", "enum": [ "agent.os_info.os_platform", "agent.os_info.os_type", "agent.os_info.os_architecture", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.group_id", "machine.root_group_id", "machine.policy_id", "agent.machine_ip", "agent.last_user", "agent.object_guid", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.serial_number", "protection_status", "agent.nics.mac_address", "agent.nics.ips", "stats.assets.os_patches_available", "agent.plugins.browser_phishing_protection.plugin_version" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post Endpoints Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.endpoints.group" } }, "/nebula/v1/grid/events/export": { "post": { "description": "Export event data", "summary": "Export events", "simple_schema": "event-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Event Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Event select fields", "enum": [ "type", "severity", "group_id", "id", "details", "created_at", "account_name", "parent_account_id", "root_group_id", "machine_id", "account_id", "policy_id", "group_name", "policy_name", "machine_name", "source" ] } } } }, "groups": { "items": { "title": "List of queries to fetch event activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Event Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", 
"items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", 
"parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] }, { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Event aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] } }, "sort_field": { "type": "string", "title": "Event sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": 
"array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.events" } }, "/nebula/v1/grid/events/export/async": { "post": { "description": "Export event data", "summary": "Export events asynchronously", "simple_schema": "event-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Event Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Event select fields", "enum": [ "type", "severity", "group_id", "id", "details", "created_at", "account_name", "parent_account_id", "root_group_id", "machine_id", "account_id", "policy_id", "group_name", "policy_name", "machine_name", "source" ] } } } }, "groups": { "items": { "title": "List of queries to fetch event activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Event Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": 
"string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": 
{ "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] }, { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Event aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] } }, "sort_field": { "type": "string", "title": "Event sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.events.async" } }, "/nebula/v1/grid/events/search": { "post": { "description": "Search events", "summary": "Search events", "simple_schema": "event-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Event Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { 
"type": "string" } } }, "if": { "properties": { "field": { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", 
"parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] }, { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Event aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] } }, "sort_field": { "type": "string", "title": "Event sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": 
"array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search events result", "properties": { "results": { "type": "array", "items": { "required": [ "type" ], "type": "object", "additionalProperties": false, "properties": { "type": { "type": "string" }, "severity": { "type": "string" }, "group_id": { "type": "string" }, "id": { "type": "string" }, "details": { "type": [ "object", "array" ] }, "created_at": { "type": "string" }, "account_name": { "type": "string" }, "parent_account_id": { "type": "string" }, "root_group_id": { "type": "string" }, "machine_id": { "type": "string" }, "account_id": { "type": "string" }, "policy_id": { "type": "string" }, "group_name": { "type": "string" }, "policy_name": { "type": "string" }, "machine_name": { "type": "string" }, "source": { "type": "string" }, "action": { "type": "string" }, "online": { "type": "boolean", "title": "Endpoint connection status (populated only if the populate.online is set)" } } } }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.events" } }, "/nebula/v1/grid/events/search-groupby": { "post": { "description": "Search and group events", "summary": "Search events groupby", "simple_schema": "event-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Event Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Event Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", 
"machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, 
"value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Event UID String Fields", "type": "string", "enum": [ "id", "account_id", "parent_account_id", "user_id", "machine_id", "root_group_id", "group_id", "policy_id" ] }, { "title": "Event Simple String Fields", "type": "string", "enum": [ "account_name", "user_name", "machine_name", "group_name", "policy_name" ] }, { "type": "string", "title": "Event Enum String Fields", "enum": [ "source", "type", "severity", "action" ] }, { "title": "Event Date Fields", "type": "string", "enum": [ "created_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Event aggregation fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] } }, "sort_field": { "type": "string", "title": "Event sort fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] }, "start_date": { "type": "string", "title": "Get results after this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get 
results before this date", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Event groupby fields", "enum": [ "account_id", "account_name", "parent_account_id", "user_id", "user_name", "machine_id", "machine_name", "root_group_id", "group_id", "group_name", "policy_id", "policy_name", "source", "type", "severity", "action", "created_at" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Events Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.events.group" } }, "/nebula/v1/grid/firewall/export": { "post": { "description": "Export firewall activity", "summary": "Export firewall activity", "simple_schema": "firewall-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Firewall export request", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "Firewall select fields", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol", "hits", "direction", "location", "action", "account_id", "machine_id", "rule_id", "start_time", "end_time" ] } } } }, "groups": { "items": { "title": "List of queries to fetch firewall activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Firewall Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": 
{ "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall Number Fields", "type": "string", "enum": [ "hits" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", 
"title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Firewall Date Fields", "type": "string", "enum": [ "@timestamp", "start_time", "end_time" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] }, { "title": "Firewall Number Fields", 
"type": "string", "enum": [ "hits" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Firewall aggregation fields", "enum": [ "account_name", "machine_name", "rule_name", "program", "service", "protocol", "account_id", "machine_id", "ruleset_id", "ruleset_name", "rule_id", "action", "location", "daily_firewall_hits_by_direction", "hits_by_direction_per_endpoint" ] } }, "sort_field": { "type": "string", "title": "Firewall sort Fields", "enum": [ "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol", "account_id", "machine_id", "rule_id", "hits", "start_time", "end_time", "action", "direction" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.firewall" } }, "/nebula/v1/grid/firewall/search": { "post": { "description": "Search firewall activity", "summary": "Search firewall activity", "simple_schema": "firewall-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Firewall Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { 
"type": "string" } } }, "if": { "properties": { "field": { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall Number Fields", "type": "string", "enum": [ "hits" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Firewall Date Fields", 
"type": "string", "enum": [ "@timestamp", "start_time", "end_time" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] }, { "title": "Firewall Number Fields", "type": "string", "enum": [ "hits" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Firewall aggregation fields", "enum": [ "account_name", "machine_name", "rule_name", "program", "service", "protocol", "account_id", "machine_id", "ruleset_id", "ruleset_name", "rule_id", "action", "location", "daily_firewall_hits_by_direction", "hits_by_direction_per_endpoint" ] } }, "sort_field": { "type": "string", "title": 
"Firewall sort Fields", "enum": [ "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol", "account_id", "machine_id", "rule_id", "hits", "start_time", "end_time", "action", "direction" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search firewall activity", "required": [ "results", "total_count" ], "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "created_at": { "type": "string", "format": "date-time", "title": "Created at" }, "start_time": { "type": "string", "title": "Start time" }, "end_time": { "type": "string", "title": "End time" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "account_name": { "type": "string", "title": "Account name" }, "machine_id": { "type": "string", "title": "Machine ID", "format": "uuid" }, "machine_name": { "type": "string", "title": "Machine name" }, "group_id": { "type": "string", "title": "Group ID", "format": "uuid" }, "root_group_id": { "type": "string", "title": 
"Root group ID", "format": "uuid" }, "document_id": { "type": "string", "title": "Document ID" }, "rule_id": { "type": "string", "title": "Rule ID", "format": "uuid" }, "rule_name": { "type": "string", "title": "Rule name" }, "ruleset_id": { "type": "string", "title": "Ruleset ID" }, "ruleset_name": { "type": "string", "title": "Ruleset name" }, "direction": { "type": "string", "title": "Direction" }, "action": { "type": "string", "title": "Action" }, "protocol": { "type": "string", "title": "Protocol" }, "location": { "type": "string", "title": "Location" }, "program": { "type": "string", "title": "Program" }, "service": { "type": "string", "title": "Service" }, "hits": { "type": "integer", "title": "Hits" } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found firewall activities" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.firewall" } }, "/nebula/v1/grid/firewall/search-groupby": { "post": { "description": "Search grouped firewall activity", "summary": "Search grouped firewall activity", "simple_schema": "firewall-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Firewall Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Firewall Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", 
"value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall Number Fields", "type": "string", "enum": [ "hits" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Firewall Date Fields", "type": "string", "enum": [ "@timestamp", "start_time", "end_time" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": 
"Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Firewall String Fields", "type": "string", "enum": [ "document_id", "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol" ] }, { "title": "Firewall Enum String Fields", "type": "string", "enum": [ "direction", "location", "action" ] }, { "title": "Firewall UID String Fields", "type": "string", "enum": [ "account_id", "machine_id", "rule_id", "ruleset_id" ] }, { "title": "Firewall Number Fields", "type": "string", "enum": [ "hits" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "rule_name", "value": "Test Rule", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "Firewall aggregation fields", "enum": [ "account_name", "machine_name", "rule_name", "program", "service", "protocol", "account_id", "machine_id", "ruleset_id", "ruleset_name", "rule_id", "action", "location", "daily_firewall_hits_by_direction", "hits_by_direction_per_endpoint" ] } }, "sort_field": { "type": "string", "title": "Firewall sort Fields", "enum": [ "account_name", "machine_name", "rule_name", "ruleset_name", "program", "service", "protocol", "account_id", "machine_id", "rule_id", "hits", "start_time", "end_time", "action", "direction" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { 
"type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "Firewall Groupby Fields", "enum": [ "account_name", "machine_name", "rule_name", "ruleset_id", "ruleset_name", "program", "service", "protocol", "account_id", "machine_id", "rule_id", "direction", "action" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Group firewall activity response", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.firewall.group" } }, "/nebula/v1/grid/jobs/bulk": { "post": { "description": "Issue jobs", "summary": "Issue jobs", "simple_schema": "grid-issue-jobs-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "The Post Isolate Request Body Schema", "required": [ "groups", "command" ], "allOf": [ { "type": "object", "title": "The Post Isolate Request Body Schema", "required": [ "groups", "command" ], "properties": { "command": { "type": "string", "title": "Command" }, "requires_connected": { "type": "boolean", "title": "Whether a connection needs to be initiated before issuing this jobs (i.e. 
active response shell)" }, "data": { "type": "object", "title": "Data", "properties": { "scan_settings": { "type": "object", "title": "Scan settings", "properties": { "type": { "type": "string", "title": "Type", "enum": [ "CustomScan", "ThreatScan", "HyperScan" ] }, "remove": { "type": "boolean", "title": "Remove" } } }, "enable_shuriken": { "type": "boolean", "title": "Enable shuriken" }, "allow_postpone_reboot": { "type": "boolean", "title": "Allow postpone reboot" }, "type": { "type": "string", "title": "Type" }, "scan_path_from_list_file": { "type": "boolean", "title": "Scan path from list file" }, "scan_path": { "type": "string", "title": "Scan path" }, "add_scan_paths": { "type": "array", "title": "Add scan paths", "items": { "type": "string", "title": "Add scan paths items" } }, "no_archive": { "type": "boolean", "title": "No archive" }, "ark": { "type": "boolean", "title": "Ark" }, "remove": { "type": "boolean", "title": "Remove" }, "no_reboot": { "type": "boolean", "title": "No reboot" }, "reboot_delay": { "type": "integer", "title": "Reboot delay" }, "reboot_delay_rrule": { "type": "string", "title": "Reboot delay rrule" }, "reboot_message": { "type": "string", "title": "Reboot message" }, "pum_detection": { "type": "string", "title": "Pum detection" }, "pup_detection": { "type": "string", "title": "Pup detection" }, "scan_memory": { "type": "boolean", "title": "Scan memory" }, "scan_registry": { "type": "boolean", "title": "Scan registry" }, "scan_startup": { "type": "boolean", "title": "Scan startup" }, "scan_file_system": { "type": "boolean", "title": "Scan file system" }, "scan_priority": { "type": "string", "title": "Scan priority" }, "scan_fixed_drives": { "type": "boolean", "title": "Scan fixed drives" }, "exclusions": { "type": "array", "title": "Exclusions", "items": { "type": "object", "title": "Exclusion items", "additionalProperties": true, "properties": { "value": { "type": "string", "title": "Value" }, "type": { "type": "string", "title": 
"Type" }, "exclude_from": { "type": "object", "title": "Exclude from", "properties": { "exploit_protection": { "type": [ "boolean", "null" ], "title": "Exploit protection" }, "malware_protection": { "type": [ "boolean", "null" ], "title": "Malware protection" }, "ransomware_protection": { "type": [ "boolean", "null" ], "title": "Ransomware protection" }, "suspicious_activity": { "type": [ "boolean", "null" ], "title": "Suspicious activity" }, "website_protection": { "type": [ "boolean", "null" ], "title": "Website protection" } } } } } }, "allow_postpone": { "type": [ "boolean", "number" ], "title": "Asset Reboot allow postpone" }, "delay_in_seconds": { "type": "number", "title": "Asset Reboot delay" }, "message": { "type": "string", "title": "Asset Reboot message" }, "reasons": { "type": "number", "title": "Asset Reboot reason: 0 RebootStatusClear, 1 RebootStatusDOR, 2 RebootStatusInstall, 3 RebootStatusUpgrade, 4 RebootStatusUnknown" }, "restore_items": { "type": "array", "title": "Detection IDs to restore from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260653e4fa4f" ] } }, "delete_items": { "type": "array", "title": "Detection IDs to delete from quarantine", "items": { "type": "string", "title": "Detection ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260653e4fa4f" ] } }, "application_name": { "type": "string", "examples": [ "Chrome" ] }, "current_version": { "type": "string", "examples": [ "96.0.4664.45" ] }, "new_version": { "type": "string", "examples": [ "97.0.2103.01" ] }, "product": { "type": "number", "product": [ 41 ] }, "vendor": { "type": "string", "examples": [ "Google" ] }, "architecture": { "type": "string", "examples": [ "x86" ] }, "language": { "type": "string", "examples": [ "tr-TR" ] }, "patches": { "type": "array", "title": "Options for command.asset.patch", "items": { "type": "object", "properties": { "category": { "type": "string", "examples": [ "feature_pack" ] }, "product": { "type": "string", "examples": [ "Silverlight" ] }, "severity": { "type": "string", "examples": [ "critical" ] }, "title": { "type": "string", "examples": [ "Microsoft Silverlight (KB4481252)" ] }, "vendor": { "type": "string", "examples": [ "Microsoft Corporation" ] } } } } } }, "relay_state": { "type": "string", "title": "Relay state" } } }, { "type": "object", "properties": { "groups": { "type": "array", "title": "Machine filters", "items": { "type": "object", "title": "List of queries to select endpoints", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "Endpoint Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", 
"agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Machine UID String 
Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", 
"agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or 
equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] }, { "title": "Machine Date Fields", "type": "string", "enum": [ "machine.deleted_at", "machine.last_day_seen", "machine.last_scanned_at", "machine.created_at", "stats.assets.last_scanned_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "MWB Version Constraints (gt, gte, lt, lte, equals)", "required": [ "operator" ], "properties": { "field": { "type": "string", 
"oneOf": [ { "title": "Agent MWB Version fields", "type": "string", "enum": [ "agent.engine_version" ] } ] }, "operator": { "type": "string", "enum": [ "mwb_version" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Version Range", "not": { "anyOf": [ { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "string", "title": "Greater than" }, "lt": { "type": "string", "title": "Less than" }, "gte": { "type": "string", "title": "Greater than or equals" }, "lte": { "type": "string", "title": "Less than or equals" } } }, { "title": "Specify Exact Version", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "value" ], "properties": { "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", 
"agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Machine UID String Fields", "type": "string", "enum": [ "machine.id", "machine.group_id", "machine.root_group_id", "machine.policy_id" ] }, { "title": "Machine Simple String Fields", "type": "string", "enum": [ "protection_status", "machine.tags.alias", "machine.reboot_required_reason", "machine.group_name", "machine.policy_name" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] }, { "title": "Machine Number Fields", "type": "string", "enum": [ "machine.suspicious_activity_count", "machine.infection_count", "machine.reboot_required", "stats.assets.vulnerabilities_found.total" ] }, { "title": "Agent Boolean Fields", "type": "string", "enum": [ "agent.is_software_update_available", "agent.has_alerts" ] }, { "title": "Machine Boolean Fields", "type": "string", "enum": [ "machine.is_deleted", "machine.isolated", "connected" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", 
"enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "host_name", "value": "DESKTOP-PHASHA", "operator": "equals" } ] ] }, "aggregations": {}, "sort_field": { "type": "string", "title": "Endpoint sort fields", "enum": [ "agent.at", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reason", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reason", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reason", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reason", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reason", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "machine.account_id", "machine.account.name", "machine.group_id", "machine.root_group_id", "machine.group_name", "machine.policy_name", "machine.policy_id", "machine.deleted_at", "machine.created_at", "machine.marked_for_deletion", "machine.is_deleted", "machine.last_day_seen", "machine.last_scanned_at", "agent.last_user", "machine.tags.alias", "display_name", "name_multi_search", "agent.machine_ip", "agent.serial_number", "agent.object_guid", "stats.assets.vulnerabilities_found.critical", "stats.assets.vulnerabilities_found.high", "stats.assets.vulnerabilities_found.medium", "stats.assets.vulnerabilities_found.low", "stats.assets.vulnerabilities_found.none", 
"stats.assets.vulnerabilities_found.total", "stats.assets.os_patches_available", "stats.assets.last_scanned_at", "connected" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "201": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Create job response", "required": [ "jobs", "total_count" ], "properties": { "jobs": { "type": "array", "title": "List of jobs", "items": { "type": "object", "title": "Job items", "required": [ "machine_id", "job_id" ], "properties": { "machine_id": { "type": "string", "title": "The ID of the endpoint onto which the job was issued (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_id": { "type": "string", "title": "The ID of the job. You can use this ID to retrieve additional information about the job and track its progress, as well as use it as a reference to handle webhook notifications (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "errors": { "type": "array", "title": "tasks not performed", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } }, "total_count": { "type": "integer", "title": "The total number of issued jobs" } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.jobs.bulk" } }, "/nebula/v1/grid/os-patches/export": { "post": { "description": "Export OS Patches per account", "summary": "Export OS Patches", "simple_schema": "os-patch-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "OS Patches Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "OS Patch select fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "group.name", "group.policy_id", "group.policy_name", "endpoint.last_day_seen", "endpoint.last_user", "endpoint.online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns 
activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "OS Patch Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] } ] }, "operator": { "type": "string", 
"description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "OS Patch Boolean Fields", "enum": [ "reboot_required", "preview_patch" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Number Fields", "type": "string", "enum": [ "size" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": 
"string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] }, { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "OS Patch aggregation fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", 
"created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "sort_field": { "type": "string", "title": "OS Patch sort fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.os_patches" } }, "/nebula/v1/grid/os-patches/export/async": { "post": { "description": "Export OS Patches per account", "summary": "Export OS Patches asynchronously", "simple_schema": "os-patch-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "OS Patches Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "select": { "items": { "properties": { "field": { "type": "string", "title": "OS Patch select fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size", "group.name", "group.policy_id", "group.policy_name", "endpoint.last_day_seen", "endpoint.last_user", "endpoint.online" ] } } } }, "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "OS Patch Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": 
"string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "OS Patch Boolean Fields", "enum": [ "reboot_required", "preview_patch" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. 
Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Number Fields", "type": "string", "enum": [ "size" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": 
{ "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] }, { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "OS Patch aggregation fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "sort_field": { "type": "string", "title": "OS Patch sort fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } } }, { "type": "object", 
"title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.os_patches.async" } }, "/nebula/v1/grid/os-patches/search": { "post": { "description": "Search OS Patches per account", "summary": "Search OS Patches", "simple_schema": "os-patch-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "OS Patch Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ 
"account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "OS Patch Boolean Fields", "enum": [ "reboot_required", "preview_patch" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Number Fields", "type": "string", "enum": [ "size" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Os Patch Date Fields", "type": "string", "enum": [ 
"created_at", "released_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] }, { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "OS Patch aggregation fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", 
"product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "sort_field": { "type": "string", "title": "OS Patch sort fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search OS Patches result", "properties": { "results": { "type": "array", "items": { "properties": { "account_id": { "type": "string" }, "parent_account_id": { "type": "string" }, "group_id": { "type": "string" }, "root_group_id": { "type": "string" }, "group_name": { "type": "string" }, "machine_id": { "type": "string" }, "vendor": { "type": "string" }, "product": { "type": "string" }, "host_name": { "type": "string" }, "fully_qualified_host_name": { "type": "string" }, "display_name": { "type": "string" }, "domain_name": { "type": "string" }, "created_at": { "type": "string" }, "object_guid": { "type": "string" }, "title": { "type": "string" }, "description": { "type": "string" }, "severity": { "type": "string" }, "category": { "type": "string" }, "security_update_id": { "type": "string" }, "patch_id": { "type": "string" }, "released_at": { "type": "string" }, "size": { "type": "number" }, "reboot_required": { "type": "boolean" }, "preview_patch": { "type": "boolean" }, "os_info": { "properties": { "os_type": { "type": "string" }, "os_version": { "type": "string" }, "os_platform": { "type": "string" }, "os_architecture": { "type": "string" }, "os_release_name": { "type": "string" } } }, "endpoint": { "properties": { "last_user": { "type": "string" }, "last_day_seen": { "type": "string", "examples": [ "2020-06-01T09:52:10.579Z" ] } } }, "group": { "properties": { "name": { "type": "string" }, "policy_id": { "type": "string" }, "policy_name": { "type": "string" } } } } } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for 
next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "results", "total_count" ] } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.os_patches" } }, "/nebula/v1/grid/os-patches/search-groupby": { "post": { "description": "Search grouped OS Patches per account", "summary": "Search grouped OS Patches", "simple_schema": "os-patch-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "OS Patch Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "OS Patch Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", 
"display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "OS Patch Boolean Fields", "enum": [ "reboot_required", "preview_patch" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the 
constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Number Fields", "type": "string", "enum": [ "size" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "Field Exists/Not 
Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "Os Patch Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "host_name", "fully_qualified_host_name", "domain_name", "alias", "display_name", "vendor", "product", "severity", "title", "description", "category" ] }, { "title": "Os Patch UID Fields", "type": "string", "enum": [ "account_id", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "security_update_id", "patch_id" ] }, { "title": "Os Patch Enum String Fields", "type": "string", "enum": [ "os_info.os_type", "os_info.os_platform", "os_info.os_architecture" ] }, { "title": "Os Patch Date Fields", "type": "string", "enum": [ "created_at", "released_at" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "account_name", "value": "Test Account", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "OS Patch aggregation fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } }, "sort_field": { "type": "string", "title": "OS Patch sort fields", "enum": [ "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", 
"released_at", "reboot_required", "preview_patch", "size" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "OS Patch Groupby Fields", "enum": [ "account_id", "account_name", "parent_account_id", "machine_id", "group_id", "root_group_id", "object_guid", "host_name", "fully_qualified_host_name", "display_name", "vendor", "product", "os_info.os_type", "os_info.os_version", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name", "severity", "title", "description", "category", "security_update_id", "patch_id", "kb_id", "created_at", "released_at", "reboot_required", "preview_patch", "size" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post OS Patches Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next 
set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.os_patches.group" } }, "/nebula/v1/grid/rid/export": { "post": { "description": "Export RID rules per account", "summary": "Export RID rules", "simple_schema": "rid-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "RID Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "RID Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", 
"agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", 
"machine_id", "group_id", "root_group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", 
"agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Number Fields", "type": "string", "enum": [ "port", "attempts", "duration" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": 
{ "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", 
"agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] 
}, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "group_name", "value": "Default Group", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "RID aggregation fields", "enum": [ "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reasons", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "agent.machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", 
"destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", 
"destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.rid" } }, "/nebula/v1/grid/rid/export/async": { "post": { "description": "Export RID rules per account", "summary": "Export RID rules asynchronously", "simple_schema": "rid-export-grid-simple", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "RID Export Schema", "type": "object", "allOf": [ { "type": "object", "title": "Base Export Schema", "required": [ "groups", "select", "format" ], "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value" } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object" } } } }, { "properties": { "groups": { "items": { "title": "List of queries to fetch dns activity", "allOf": [ { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "RID Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent 
Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", 
"agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", 
"agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Number Fields", "type": "string", "enum": [ "port", "attempts", "duration" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, 
{ "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ 
"id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", 
"agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "group_name", "value": "Default Group", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "RID aggregation fields", "enum": [ "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reasons", 
"agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reasons", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "agent.machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", 
"plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } ] } } } } ] } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.export.rid.async" } }, "/nebula/v1/grid/rid/search": { "post": { "description": "Search RID rules per account", "summary": "Search RID rules", "simple_schema": "rid-search-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth", "search_stateless" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "RID Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", 
"agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": 
{ "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", 
"agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Number Fields", "type": "string", "enum": [ "port", "attempts", "duration" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date 
(start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", 
"agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", 
"agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "group_name", "value": "Default Group", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "RID aggregation fields", "enum": [ "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reasons", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", 
"group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "agent.machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", 
"policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search assets software result", "properties": { "rules": { "type": "array", "items": { "allOf": [ { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "parentId": "39a42ecb-bfd1-40e6-8b83-70318b7d30af", "rootGroupId": "76132a40-5a9f-4197-9f38-c185f31f1d45", "ruleId": "ed31c443-42fa-40ae-a4a6-a05ad8b560e4", "ip": "10.153.0.162", "attackUser": "Administrator", "attempts": 2, "expireTime": "2020-10-23T13:25:35Z", "deleted": false, "protocol": "RDP", "createTime": "2020-10-23T13:20:35Z", "groupId": "76132a40-5a9f-4197-9f38-c185f31f1d45", "port": 3389, "machineId": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "accountId": "39a42ecb-bfd1-40e6-8b83-70318b7d30af", "machineName": "sahamedw8-1x86", "duration": 3 } ], "properties": { "parent_id": { "type": "string", "title": "The parent_id schema", "default": "", "examples": [ "39a42ecb-bfd1-40e6-8b83-70318b7d30af" ] }, "root_group_id": { "type": "string", "title": "The root_group_id schema", "default": "", "examples": [ "76132a40-5a9f-4197-9f38-c185f31f1d45" ] }, "rule_id": { "type": "string", "title": "The rule_id schema", "default": "", "examples": [ "ed31c443-42fa-40ae-a4a6-a05ad8b560e4" ] }, "ip": { "type": "string", "title": "The ip schema", "default": "", "examples": [ "10.153.0.162" ] }, "attack_user": { "type": "string", "title": "The attack_user schema", "default": "", "examples": [ "Administrator" ] }, "attempts": { "type": "integer", "title": "The attempts schema", "default": 0, "examples": [ 2 ] }, "expire_time": { "type": "string", "title": "The expireTime schema", 
"default": "", "examples": [ "2020-10-23T13:25:35Z" ] }, "deleted": { "type": "boolean", "title": "The deleted schema", "default": false, "examples": [ false ] }, "protocol": { "type": "string", "title": "The protocol schema", "default": "", "examples": [ "RDP" ] }, "create_time": { "type": "string", "title": "The create_time schema", "default": "", "examples": [ "2020-10-23T13:20:35Z" ] }, "group_id": { "type": "string", "title": "The group_id schema", "default": "", "examples": [ "76132a40-5a9f-4197-9f38-c185f31f1d45" ] }, "port": { "type": "integer", "title": "The port schema", "default": 0, "examples": [ 3389 ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "account_id": { "type": "string", "title": "The account_id schema", "default": "", "examples": [ "39a42ecb-bfd1-40e6-8b83-70318b7d30af" ] }, "account_name": { "type": "string", "title": "The account_name schema", "default": "", "examples": [ "my_account" ] }, "machine_name": { "type": "string", "title": "The machine_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "duration": { "type": "integer", "title": "The duration schema", "default": 0, "examples": [ 3 ] } } }, { "properties": { "agent": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": 
{ "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", "title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips 
schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } }, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", 
"component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", 
"default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, "engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ 
"f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, "source_location": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ 
-121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } }, "destination_location": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", "description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "city": "Santa Clara", "continent": "North America", "subdivisions": [ "California" ], "country": "United States", "country_iso": "US", "accuracy_radius": 10, "point": { "lat": 37.3417, "lon": -121.9753 }, "postal_code": "95051", "anonymous_proxy": false, "time_zone": "America/Los_Angeles" } ], "properties": { "city": { "type": "string", "title": "The city schema", "default": "", "examples": [ "Santa Clara" ] }, "continent": { "type": "string", "title": "The continent schema", "default": "", "examples": [ "North America" ] }, "subdivisions": { "type": "array", "title": "The subdivisions schema", "default": [], "examples": [ [ "California" ] ], "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "California" ] } ] } }, "country": { "type": "string", "title": "The country schema", "default": "", "examples": [ "United States" ] }, "country_iso": { "type": "string", "title": "The country_iso schema", "default": "", "examples": [ "United States" ] }, "accuracy_radius": { "type": "integer", "title": "The accuracy_radius schema", "default": 0, "examples": [ 10 ] }, "point": { "type": "object", "title": "The point schema", "default": {}, "examples": [ { "lat": 37.3417, "lon": -121.9753 } ], "properties": { "lat": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The latitude", "default": 0, "examples": [ 
37.3417 ] } ] }, "lon": { "allOf": [ { "bignumber": true }, { "type": "number", "title": "The longitude", "default": 0, "examples": [ -121.9753 ] } ] } } }, "postal_code": { "type": "string", "title": "The postal_code schema", "default": "", "examples": [ "95051" ] }, "anonymous_proxy": { "type": "boolean", "title": "The anonymous_proxy schema", "default": false, "examples": [ false ] }, "time_zone": { "type": "string", "title": "The time_zone schema", "default": "", "examples": [ "America/Los_Angeles" ] } } } } } ] } }, "aggregations": { "type": "object", "title": "Aggregations", "additionalProperties": true }, "total_count": { "type": "integer", "title": "Total count of found detections" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } }, "required": [ "rules", "total_count" ] } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.rid" } }, "/nebula/v1/grid/rid/search-groupby": { "post": { "description": "Search grouped RID rules per account", "summary": "Search grouped RID rules", "simple_schema": "rid-search-groupby-grid-simple", "security": [ { "client_credentials": [ "read" ] } ], "status": { "incident": [ "read_nebula_data" ], "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "RID Search Groupby Schema", "type": "object", "allOf": [ { "type": "object", "required": [ "group_by", "page_size" ], "properties": { "group_by": { "title": "Group by the following fields", "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string" } }, "page_size": { "type": "number", "title": "The page_size Schema", "minimum": 50, "maximum": 2000 } } }, { "type": "object", "allOf": [ { "properties": { "constraints": { "type": "array", "items": { "title": "RID Constraints", "type": "object", "required": [ "field" ], "anyOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", 
"agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } }, "if": { "properties": { "field": { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] } } 
}, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] } ] }, 
"operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Number Constraints (gt, gte, lt, lte, equals)", "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Number Fields", "type": "string", "enum": [ "port", "attempts", "duration" ] }, { "title": "Agent Number Fields", "type": "string", "enum": [ "agent.started_at_offset", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.reboot_reasons" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Number Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "gt": { "type": "number", "title": "Greater than" }, "lt": { "type": "number", "title": "Less than" }, "gte": { "type": "number", "title": "Greater than or equals" }, "lte": { "type": "number", "title": "Less than or equals" } } }, { "title": "Specify Exact Number", "not": { "anyOf": [ { "required": [ "gt" ] }, { "required": [ "lt" ] }, { "required": [ "gte" ] }, { "required": [ "lte" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "number", "array" ], "title": "Value to search", "items": { "type": "number" } } } } ] }, { "title": "Date (start, end) Constraints", "properties": { "field": { "oneOf": [ { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": "string", "enum": [ "agent.at", "agent.started_at_local" ] } ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, 
"properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] }, { "title": "IP Constraints", "properties": { "field": { "oneOf": [ { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] } ] }, "operator": { "type": "string", "enum": [ "ip" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } } } }, { "title": "Field Exists/Not Exists Constraints", "required": [ "operator" ], "properties": { "field": { "type": "string", "oneOf": [ { "title": "RID Simple String Fields", "type": "string", "enum": [ "group_name", "policy_name", "account_name", "protocol", "attack_user", "machine_name" ] }, { "title": "RID UID Fields", "type": "string", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "policy_id" ] }, { "title": "Agent Simple String Fields", "type": "string", "enum": [ "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_version", "agent.os_info.os_release_name", "agent.os_info.os_architecture", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.alerts.codes", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.alerts.codes", 
"agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.alerts.codes", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.plugins.incident_response.alerts.codes", "agent.plugins.siem.plugin_version", "agent.plugins.siem.alerts.codes", "agent.plugins.browser_phishing_protection.plugin_version", "agent.plugins.browser_phishing_protection.alerts.codes", "agent.engine_version", "agent.source_location.city", "agent.source_location.country", "agent.source_location.subdivisions", "agent.source_location.time_zone", "agent.domain_name", "agent.alias", "agent.policy_etag", "agent.serial_number", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion", "agent.alerts.codes", "agent.host_name", "agent.fully_qualified_host_name", "agent.object_guid", "agent.last_user" ] }, { "title": "Agent Enum String Fields", "type": "string", "enum": [ "agent.os_info.os_type", "agent.os_info.os_platform" ] }, { "title": "Agent Version fields", "type": "string", "enum": [ "agent.plugins.asset_manager.plugin_version", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.update_package_version", "agent.available_software_updates.sdk_version.currentVersion", "agent.available_software_updates.sdk_version.newVersion" ] }, { "title": "RID IP Fields", "type": "string", "enum": [ "ip" ] }, { "title": "Agent IP Fields", "type": "string", "enum": [ "agent.nics.ips", "agent.machine_ip" ] }, { "title": "RID Date Fields", "type": "string", "enum": [ "create_time" ] }, { "title": "Agent Date Fields", "type": 
"string", "enum": [ "agent.at", "agent.started_at_local" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "exists", "not_exists" ] } } } ] }, "examples": [ [ { "field": "group_name", "value": "Default Group", "operator": "equals" } ] ] }, "aggregations": { "items": { "type": "string", "title": "RID aggregation fields", "enum": [ "protection_status", "agent.os_info.os_release_name", "agent.nics.ips", "agent.nics.mac_address", "agent.nics.description", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.host_name", "agent.fully_qualified_host_name", "agent.plugins.asset_manager.plugin_version", "agent.plugins.asset_manager.reboot_reasons", "agent.plugins.endpoint_protection.plugin_version", "agent.plugins.endpoint_protection.sdk_version", "agent.plugins.endpoint_protection.component_package_version", "agent.plugins.endpoint_protection.update_package_version", "agent.plugins.endpoint_protection.reboot_reasons", "agent.plugins.endpoint_detection_and_response.plugin_version", "agent.plugins.endpoint_detection_and_response.reboot_reasons", "agent.plugins.incident_response.plugin_version", "agent.plugins.incident_response.reboot_reasons", "agent.plugins.siem.plugin_version", "agent.plugins.siem.reboot_reasons", "agent.plugins.browser_phishing_protection.plugin_version", "agent.engine_version", "agent.domain_name", "agent.policy_etag", "agent.last_user", "agent.is_software_update_available", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "port", "protocol", "attack_user", "agent.machine_ip", "ip", "deleted", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", 
"destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code", "destination_location.subdivisions" ] } }, "sort_field": { "type": "string", "title": "If the sort field is used, then sort_order is required.", "enum": [ "id", "rule_id", "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "port", "attempts", "duration", "protocol", "attack_user", "machine_ip", "ip", "create_time", "expire_time", "deleted", "machine_name", "at", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "os_info.os_release_name.keyword", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reasons", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reasons", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reasons", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reasons", "plugins.siem.plugin_version.keyword", "plugins.browser_phishing_protection.plugin_version.keyword", "plugins.siem.reboot_reasons", "engine_version.keyword", "domain_name.keyword", "policy_etag", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "source_location.subdivisions", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", 
"destination_location.postal_code", "destination_location.subdivisions" ] } } }, { "type": "object", "title": "Base Search Schema", "properties": { "aggregations": { "type": "array", "title": "The fields onto which you can perform aggregations", "items": { "type": "string", "title": "The Items Schema" } }, "page_size": { "type": "number", "title": "The page size. If you just need to aggregate, set it to 0", "minimum": 0, "maximum": 2000 }, "sort_field": { "title": "Sort Fields", "type": "string" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ] }, "aggregate_by_account": { "type": "boolean", "title": "Indicates whether aggregations should be scoped by account" }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] }, { "properties": { "group_by": { "type": "array", "title": "Group results by indicated field(s)", "items": { "type": "string", "title": "RID Groupby Fields", "enum": [ "origin_id", "machine_id", "group_id", "root_group_id", "group_name", "policy_id", "policy_name", "account_id", "account_name", "parent_id", "port", "protocol", "attack_user", "machine_ip", "ip", "machine_name", "source_location.city", "source_location.country", "source_location.country_iso", "source_location.continent", "source_location.time_zone", "source_location.postal_code", "destination_location.city", "destination_location.country", "destination_location.country_iso", "destination_location.continent", "destination_location.time_zone", "destination_location.postal_code" ] } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "The Post RID Search GroupBy Response Schema", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": 
"The Results Schema", "default": [] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Grid" ], "operationId": "api.nebula.grid.search.rid.group" } }, "/nebula/v1/products": { "post": { "description": "Search OPSWAT products", "summary": "Search products", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Search OPSWAT Products with filters", "type": "object", "properties": { "constraints": { "type": "array", "title": "List of search constraints", "items": { "type": "object", "properties": { "field": { "type": "string", "title": "Constraint field", "enum": [ "vendor_id", "vendor_name", "product_name", "platform", "methods" ] }, "operator": { "title": "Constraint operator", "type": "string", "enum": [ "equals", "not_equals", "contains", "not_contains" ] }, "value": { "title": "Value to search", "type": [ "string", "number" ] } } } }, "sort_field": { "title": "Sort Field", "type": "string", "enum": [ "vendor_name", "vendor_id", "product_name", "product_id" ] }, "page_size": { "type": "number", "title": "Page size", "minimum": 0, "maximum": 500 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "required": [ "total_count", "results" ], "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "vendor_id": { "type": "string" }, "product_id": { "type": "string" }, "signatures": { "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "signature_id": { "type": "string" }, "signature_name": { "type": "string" } } } }, "vendor_name": { "type": "string" }, "product_name": { "type": "string" }, "platform": { "type": "string" }, "categories": { "type": "array", "items": { "type": "string" } }, "methods": { "type": "array", "items": { "type": "string" } } }, "required": [ "signatures", "product_id", "vendor_id" ] } } }, "total_count": { "type": "number" }, "next_cursor": { "type": "string" } } } } } }, "tags": [ "Products" ], "operationId": "api.nebula.post.products" } }, "/nebula/v1/products/vendors": { "post": { "description": "Search OPSWAT vendors", "summary": "Search vendors", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Search OPSWAT Vendors with filters", "type": "object", "properties": { "constraints": { "type": "array", "title": "List of search constraints", "items": { "type": "object", "properties": { "field": { "type": "string", "title": "Constraint field", "enum": [ "vendor_name", "platform", "methods" ] }, "operator": { "title": "Constraint operator", "type": "string", "enum": [ "equals", "not_equals", "contains", "not_contains" ] }, "value": { "title": "Value to search", "type": [ "string", "number" ] } } } }, "sort_field": { "title": "Sort Field", "type": "string", "enum": [ "vendor_name", "vendor_id" ] }, "page_size": { "type": "number", "title": "Page size", "minimum": 0, "maximum": 500 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "required": [ "total_count", "results" ], "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "vendor_id": { "type": "string" }, "vendor_name": { "type": "string" }, "platform": { "type": "string" }, "products": { "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "vendor_id": { "type": "string" }, "product_id": { "type": "string" }, "signatures": { "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "signature_id": { "type": "string" }, "signature_name": { "type": "string" } } } }, "vendor_name": { "type": "string" }, "product_name": { "type": "string" }, "platform": { "type": "string" }, "categories": { "type": "array", "items": { "type": "string" } }, "methods": { "type": "array", "items": { "type": "string" } } }, "required": [ "signatures", "product_id", "vendor_id" ] } }, "methods": { "type": "array", "items": { "type": "string" } } } } }, "total_count": { "type": "number" }, "next_cursor": { "type": "string" } } } } } } }, "tags": [ "Products" ], "operationId": "api.nebula.post.products.vendors" } }, "/nebula/v1/app-block/rules": { "post": { "description": "Create a new App Block Rule", "summary": "Create App Block Rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked Md5 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": "111", "vendor_name": "Example Vendor", "signature_id": "1111", "signature_name": "Example Signature", "product_id": "Example Product Id", "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": "1111", "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "App Block Rule", "allOf": [ { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, 
digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked Md5 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": "111", "vendor_name": "Example Vendor", "signature_id": "1111", "signature_name": "Example Signature", "product_id": "Example Product Id", "product_name": "Example Produc Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": "1111", "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } }, { "type": "object", "properties": { "rule": { "allOf": [ { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
}, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked MD5 hashes (32 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 123 }, { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes (40 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes (64 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 123 }, { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": 111, "vendor_name": "Example Vendor", "signature_id": 1111, "signature_name": "Example Signature", "product_id": 11111, "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": 1111, "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, { "required": [ "id" ], "properties": { "id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] } } } ] }, "created_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "created_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "updated_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "updated_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "policies": { "type": "array", "items": { "type": "object", "properties": { "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "accounts": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "account_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "type": { "type": "string", "examples": [ "files", "hashes", "file_properties", "applications", "vendors", "digital_signatures" ] } } } ] } } } } }, "tags": [ 
"App Block" ], "operationId": "api.nebula.post.app_block_rule" } }, "/nebula/v1/app-block/rules/{id}": { "delete": { "description": "Delete an existing App Block Rule by its id.", "summary": "Delete App Block Rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "App Block" ], "operationId": "api.nebula.delete.app_block_rule" }, "get": { "description": "Get an App Block Rule by ID", "summary": "Get App Block Rule", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "App Block Rule", "allOf": [ { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
}, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." } ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked MD5 hashes (32 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 123 }, { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes (40 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes (64 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 123 }, { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": 111, "vendor_name": "Example Vendor", "signature_id": 1111, "signature_name": "Example Signature", "product_id": 11111, "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": 1111, "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } }, { "type": "object", "properties": { "rule": { "allOf": [ { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, 
applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked MD5 hashes (32 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 123 }, { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes (40 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes (64 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 123 }, { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": 111, "vendor_name": "Example Vendor", "signature_id": 1111, "signature_name": "Example Signature", "product_id": 11111, "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": 1111, "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, { "required": [ "id" ], "properties": { "id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] } } } ] }, "created_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "created_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "updated_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "updated_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "policies": { "type": "array", "items": { "type": "object", "properties": { "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "accounts": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "account_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "type": { "type": "string", "examples": [ "files", "hashes", "file_properties", "applications", "vendors", "digital_signatures" ] } } } ] } } } } }, "tags": [ 
"App Block" ], "operationId": "api.nebula.get.app_block_rule" }, "put": { "description": "Update an existing App Block Rule by its id.", "summary": "Update App Block Rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
}, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked MD5 hashes (32 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 123 }, { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes (40 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes (64 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 123 }, { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": 111, "vendor_name": "Example Vendor", "signature_id": 1111, "signature_name": "Example Signature", "product_id": 11111, "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": 1111, "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "App Block Rule", "allOf": [ { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, 
digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked MD5 hashes (32 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 123 }, { "hash": "d41d8cd98f00b204e9800998ecf8427e", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes (40 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes (64 hex characters)", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 123 }, { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": 111, "vendor_name": "Example Vendor", "signature_id": 1111, "signature_name": "Example Signature", "product_id": 11111, "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": 1111, "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } }, { "type": "object", "properties": { "rule": { "allOf": [ { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
}, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "description": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/example/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked Md5 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description":
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": "111", "vendor_name": "Example Vendor", "signature_id": "1111", "signature_name": "Example Signature", "product_id": "Example Product Id", "product_name": "Example Product Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": "1111", "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, { "required": [ "id" ], "properties": { "id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] } } } ] }, "created_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "created_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "updated_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "updated_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "policies": { "type": "array", "items": { "type": "object", "properties": { "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "accounts": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "account_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "type": { "type": "string", "examples": [ "files", "hashes", "file_properties", "applications", "vendors", "digital_signatures" ] } } } ] } } } } }, "tags": [
"App Block" ], "operationId": "api.nebula.put.app_block_rule" } }, "/nebula/v1/app-block/activity/export": { "post": { "description": "Export app block activity", "summary": "Export app block activity", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export Activity Request", "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "The new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group_name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "app_block.app_block_rules", "app_block.file_path", "policy_name" ] } } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch app block activities", "allOf": [ { "type": "object", "title": "Search App Block Activity Request", "properties": { "sort_field": { "type": "string", "title": "Sort Field", "enum": [ "scanned_at", "status", "machine_name", "account_name", "file_path", "policy_name", "last_user", "engine_version", "group_id", "group_name", "nics.ips", "os_info.os_platform", "os_info.os_release_name", "os_info.os_type", "os_info.os_version" ] }, "sort_order": { "type": "string", "title": "Sort Order", "enum": [ "asc", "desc" ] }, "scanned_at_before": { "type": 
"string", "title": "Filter by scanned_at_before" }, "scanned_at_after": { "type": "string", "title": "Filter by scanned_at_after" }, "status": { "type": "string", "title": "Filter by status" }, "action_taken": { "type": "string", "title": "Filter by action taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "name_multi_search": { "type": "string", "title": "Filter by either alias, host name or fully qualified host name" }, "rule_id": { "type": "string", "title": "Filter by rule_id" }, "rule_name": { "type": "string", "title": "Filter by rule_name" }, "rule_name.keyword": { "type": "string", "title": "Filter by rule name. 'Contains' type search." }, "policy_name": { "type": "string", "title": "Filter by policy_name" }, "policy_name.keyword": { "type": "string", "title": "Filter by policy name. 'Contains' type search." }, "account_name": { "type": "string", "title": "Filter by account_name" }, "account_name.keyword": { "type": "string", "title": "Filter by account_name. 'Contains' type search" }, "last_user": { "type": "string", "title": "Filter by last_user" }, "engine_version": { "type": "string", "title": "Filter by engine_version" }, "group_id": { "type": "string", "title": "Filter by group_id" }, "group_name": { "type": "string", "title": "Filter by group_name" }, "nics.ips": { "type": "string", "title": "Filter by nics.ips" }, "os_info.os_platform": { "type": "string", "title": "Filter by os_info.os_platform" }, "os_info.os_release_name": { "type": "string", "title": "Filter by os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter by os_info.os_release_name. 'Contains' type search" }, "os_info.os_type": { "type": "string", "title": "Filter by os_info.os_type" }, "file_path": { "type": "string", "title": "Filter by file_path" }, "file_path.keyword": { "type": "string", "title": "Filter by file_path.
'Contains' type search." }, "os_info.os_version": { "type": "string", "title": "Filter by os_info.os_version" }, "histogram_time_zone": { "type": "string", "pattern": "^(?:Z|([+-])([0-9]{2}):?([0-9]{2}))$", "title": "Specify time zone for daily_detections_by_category and daily_app_block_by_file_path aggregations (Ex. \"+04:00\")", "examples": [ "+04:00" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "daily_app_block_by_file_path", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", 
"plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "file_path" ] } }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "App Block" ], "operationId": "api.nebula.export.activity" } }, "/nebula/v1/app-block/activity/export/async": { "post": { "description": "Export app block activity", "summary": "Export app block activity asynchronously", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export Activity Request", "properties": { "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. Only clients like browsers are supported" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "required": [ "field", "newField" ], "properties": { "newField": { "type": "string", "title": "The new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "type", "group_id", "path", "status", "id", "machine_id", "account_id", "account.name", "group_name", "detection_id", "scanned_at", "scanned_at_offset_seconds", "reported_at", "category", "is_rtp_stream_event", "process_name", "cleaned_at", "machine_name", "machine_ip", "child_trace_count", "source_location", "destination_location", "machine_location", "trace_ip", "trace_port", "threat_name", "is_root_detection", "agent.at", "agent.last_user", "agent.fully_qualified_host_name", "agent.started_at_local", "agent.started_at_offset", "agent.os_info.os_type", "agent.os_info.os_version", "agent.os_info.os_platform", "agent.os_info.os_architecture", "agent.os_info.os_release_name", "agent.domain_name", "agent.engine_version", "agent.policy_etag", "agent.host_name", "agent.nics.ips", "agent.nics.mac_address", "agent.protection_status", "agent.object_guid", "sha256", "md5", "app_block.app_block_rules", "app_block.file_path", "policy_name" ] 
} } } }, "groups": { "type": "array", "title": "List of queries", "items": { "type": "object", "title": "Query to fetch app block activities", "allOf": [ { "type": "object", "title": "Search App Block Activity Request", "properties": { "sort_field": { "type": "string", "title": "Sort Field", "enum": [ "scanned_at", "status", "machine_name", "account_name", "file_path", "policy_name", "last_user", "engine_version", "group_id", "group_name", "nics.ips", "os_info.os_platform", "os_info.os_release_name", "os_info.os_type", "os_info.os_version" ] }, "sort_order": { "type": "string", "title": "Sort Order", "enum": [ "asc", "desc" ] }, "scanned_at_before": { "type": "string", "title": "Filter by scanned_at_before" }, "scanned_at_after": { "type": "string", "title": "Filter by scanned_at_after" }, "status": { "type": "string", "title": "Filter by status" }, "action_taken": { "type": "string", "title": "Filter by action taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "name_multi_search": { "type": "string", "title": "Filter by either alias, host name or fully qualified host name" }, "rule_id": { "type": "string", "title": "Filter by rule_id" }, "rule_name": { "type": "string", "title": "Filter by rule_name" }, "rule_name.keyword": { "type": "string", "title": "Filter by rule name. 'Contains' type search." }, "policy_name": { "type": "string", "title": "Filter by policy_name" }, "policy_name.keyword": { "type": "string", "title": "Filter by policy name. 'Contains' type search." }, "account_name": { "type": "string", "title": "Filter by account_name" }, "account_name.keyword": { "type": "string", "title": "Filter by account_name.
'Contains' type search" }, "last_user": { "type": "string", "title": "Filter by last_user" }, "engine_version": { "type": "string", "title": "Filter by engine_version" }, "group_id": { "type": "string", "title": "Filter by group_id" }, "group_name": { "type": "string", "title": "Filter by group_name" }, "nics.ips": { "type": "string", "title": "Filter by nics.ips" }, "os_info.os_platform": { "type": "string", "title": "Filter by os_info.os_platform" }, "os_info.os_release_name": { "type": "string", "title": "Filter by os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter by os_info.os_release_name. 'Contains' type search" }, "os_info.os_type": { "type": "string", "title": "Filter by os_info.os_type" }, "file_path": { "type": "string", "title": "Filter by file_path" }, "file_path.keyword": { "type": "string", "title": "Filter by file_path. 'Contains' type search." }, "os_info.os_version": { "type": "string", "title": "Filter by os_info.os_version" }, "histogram_time_zone": { "type": "string", "pattern": "^(?:Z|([+-])([0-9]{2}):?([0-9]{2}))$", "title": "Specify time zone for daily_detections_by_category and daily_app_block_by_file_path aggregations (Ex. \"+04:00\")", "examples": [ "+04:00" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex.
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "daily_app_block_by_file_path", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "file_path" ] } }, "page_size": { "type": 
"number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } ] } } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "App Block" ], "operationId": "api.nebula.export.activity.async" } }, "/nebula/v1/app-block/settings": { "get": { "description": "Get App Block settings for account", "summary": "Get App Block settings", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "app_block_settings", "type": "object", "properties": { "message_title": { "type": "string", "title": "Message Title" }, "message_body": { "type": "string", "title": "Message Body" } } } } } } }, "tags": [ "App Block" ], "operationId": "api.nebula.get.app_block.settings" }, "put": { "description": "Create or update App Block settings for account", "summary": "Create App Block settings", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "app_block_settings", "type": "object", "properties": { "message_title": { "type": "string", "title": "Message Title" }, "message_body": { "type": "string", "title": "Message Body" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "app_block_settings", "type": "object", "properties": { "message_title": { "type": "string", "title": "Message Title" }, "message_body": { "type": "string", "title": "Message Body" } } } } } } }, "tags": [ "App Block" ], "operationId": "api.nebula.put.app_block.settings" } }, "/nebula/v1/app-block/activity": { "post": { "description": "Search app block activity log", "summary": "Search app block activity", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search App Block Activity Request", "properties": { "sort_field": { "type": "string", "title": "Sort Field", "enum": [ "scanned_at", "status", "machine_name", "account_name", "file_path", "policy_name", "last_user", "engine_version", "group_id", "group_name", "nics.ips", "os_info.os_platform", "os_info.os_release_name", "os_info.os_type", "os_info.os_version" ] }, "sort_order": { "type": "string", "title": "Sort Order", "enum": [ "asc", "desc" ] }, "scanned_at_before": { "type": "string", "title": "Filter by scanned_at_before" }, "scanned_at_after": { "type": "string", "title": "Filter by scanned_at_after" }, "status": { "type": "string", "title": "Filter by status" }, "action_taken": { "type": "string", "title": "Filter by action taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "name_multi_search": { "type": "string", "title": "Filter by either alias, host name or fully qualified host name" }, "rule_id": { "type": "string", "title": "Filter by rule_id" }, "rule_name": { "type": "string", "title": "Filter by rule_name" }, "rule_name.keyword": { "type": "string", "title": "Filter by rule name. 'Contains' type search." }, "policy_name": { "type": "string", "title": "Filter by policy_name" }, "policy_name.keyword": { "type": "string", "title": "Filter by policy name. 'Contains' type search." }, "account_name": { "type": "string", "title": "Filter by account_name" }, "account_name.keyword": { "type": "string", "title": "Filter by account_name.
'Contains' type search" }, "last_user": { "type": "string", "title": "Filter by last_user" }, "engine_version": { "type": "string", "title": "Filter by engine_version" }, "group_id": { "type": "string", "title": "Filter by group_id" }, "group_name": { "type": "string", "title": "Filter by group_name" }, "nics.ips": { "type": "string", "title": "Filter by nics.ips" }, "os_info.os_platform": { "type": "string", "title": "Filter by os_info.os_platform" }, "os_info.os_release_name": { "type": "string", "title": "Filter by os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter by os_info.os_release_name. 'Contains' type search" }, "os_info.os_type": { "type": "string", "title": "Filter by os_info.os_type" }, "file_path": { "type": "string", "title": "Filter by file_path" }, "file_path.keyword": { "type": "string", "title": "Filter by file_path. 'Contains' type search." }, "os_info.os_version": { "type": "string", "title": "Filter by os_info.os_version" }, "histogram_time_zone": { "type": "string", "pattern": "^(?:Z|([+-])([0-9]{2}):?([0-9]{2}))$", "title": "Specify time zone for daily_detections_by_category and daily_app_block_by_file_path aggregations (Ex. \"+04:00\")", "examples": [ "+04:00" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex.
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "daily_app_block_by_file_path", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", "plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "file_path" ] } }, "page_size": { "type": 
"number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "App Block Activities", "type": "object", "properties": { "total_count": { "type": "number", "description": "Total number of results" }, "results": { "type": "array", "items": { "type": "object", "title": "App Block Activity Schema", "properties": { "id": { "type": "string", "description": "Activity Id", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "status": { "type": "string", "description": "Status" }, "path": { "type": "string", "description": "Path" }, "group_id": { "type": "string", "description": "Group Id", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "is_root_detection": { "type": "string" }, "machine_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "detection_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "scanned_at": { "type": "string", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "scanned_at_offset_seconds": { "type": "number", "examples": [ 0 ] }, "reported_at": { "type": "string", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "threat_name": { "type": "string" }, "category": { "type": "string" }, "is_rtp_stream_event": { "type": "boolean", "example": [ true ] }, "machine_name": { "type": "string" }, "trace_id": { "type": "string" }, "scan_id": { "type": "string" }, "affected_application": { "type": "string" }, "agent": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "The root schema", 
"description": "The root schema comprises the entire JSON document.", "default": {}, "examples": [ { "at": "2020-10-23T14:20:51.006558Z", "is_software_update_available": false, "started_at_local": "2020-10-23T14:20:50.920306Z", "started_at_offset": -25200, "nics": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "os_info": { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" }, "fully_qualified_host_name": "sahamedw8-1x86", "plugins": { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } }, "engine_version": "1.2.0.821", "policy_etag": "c6ea44914b72c92cba939ac3bd369dc4", "last_user": "SAHAMEDW8-1X86\\Administrator", "serial_number": "c02thb32g8wn", "host_name": "sahamedw8-1x86", "machine_id": "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f", "machine_ip": "216.75.233.210" } ], "properties": { "at": { "type": "string", "title": "The at schema", "default": "", "examples": [ "2020-10-23T14:20:51.006558Z" ] }, "is_software_update_available": { "type": "boolean", "title": "The is_software_update_available schema", "default": false, "examples": [ false ] }, "started_at_local": { "type": "string", "title": "The started_at_local schema", "default": "", "examples": [ "2020-10-23T14:20:50.920306Z" ] }, "started_at_offset": { "type": "integer", 
"title": "The started_at_offset schema", "default": 0, "examples": [ -25200 ] }, "nics": { "type": "array", "title": "The nics schema", "default": [], "examples": [ [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "object", "title": "The first anyOf schema", "default": {}, "examples": [ { "ips": [ "10.151.110.52" ], "description": "Intel(R) 82574L Gigabit Network Connection", "mac_address": "005056B91173" } ], "properties": { "ips": { "type": "array", "title": "The ips schema", "default": [], "examples": [ [ "10.151.110.52" ] ], "additionalItems": true, "items": { "anyOf": [ { "type": "string", "title": "The first anyOf schema", "default": "", "examples": [ "10.151.110.52" ] } ] } }, "description": { "type": "string", "title": "The description schema", "default": "", "examples": [ "Intel(R) 82574L Gigabit Network Connection" ] }, "mac_address": { "type": "string", "title": "The mac_address schema", "default": "", "examples": [ "005056B91173" ] } }, "additionalProperties": true } ] } }, "os_info": { "type": "object", "title": "The os_info schema", "default": {}, "examples": [ { "os_type": "Workstation", "os_version": "6.3.9600", "os_platform": "Windows", "os_architecture": "x86", "os_release_name": "Microsoft Windows 8.1 Pro" } ], "properties": { "os_type": { "type": "string", "title": "The os_type schema", "default": "", "examples": [ "Workstation" ] }, "os_version": { "type": "string", "title": "The os_version schema", "default": "", "examples": [ "6.3.9600" ] }, "os_platform": { "type": "string", "title": "The os_platform schema", "default": "", "examples": [ "Windows" ] }, "os_architecture": { "type": "string", "title": "The os_architecture schema", "default": "", "examples": [ "x86" ] }, "os_release_name": { "type": "string", "title": "The os_release_name schema", "default": "", "examples": [ "Microsoft Windows 8.1 Pro" ] } 
}, "additionalProperties": true }, "fully_qualified_host_name": { "type": "string", "title": "The fully_qualified_host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "plugins": { "type": "object", "title": "The plugins schema", "default": {}, "examples": [ { "windows_remote_intrusion_detection_and_prevention": { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" }, "endpoint_protection": { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 }, "asset_manager": { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 }, "endpoint_detection_and_response": { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } } ], "properties": { "windows_remote_intrusion_detection_and_prevention": { "type": "object", "title": "The windows_remote_intrusion_detection_and_prevention schema", "default": {}, "examples": [ { "product_name": "Windows Remote Intrusion Detection and Prevention", "plugin_version": "1.2.0.21" } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Windows Remote Intrusion Detection and Prevention" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.21" ] } }, "additionalProperties": true }, "endpoint_protection": { "type": "object", "title": "The endpoint_protection schema", "default": {}, "examples": [ { "sdk_version": "4.2.1.90", "product_name": "Endpoint Protection", "plugin_version": "1.2.0.844", "update_package_version": "1.0.31870", "component_package_version": "1.0.1085", "reboot_reasons": 0 } ], "properties": { "sdk_version": { "type": "string", "title": "The sdk_version schema", "default": "", "examples": [ "4.2.1.90" ] }, 
"product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Protection" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.844" ] }, "update_package_version": { "type": "string", "title": "The update_package_version schema", "default": "", "examples": [ "1.0.31870" ] }, "component_package_version": { "type": "string", "title": "The component_package_version schema", "default": "", "examples": [ "1.0.1085" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "asset_manager": { "type": "object", "title": "The asset_manager schema", "default": {}, "examples": [ { "product_name": "Asset Manager", "plugin_version": "1.2.0.330", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Asset Manager" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.330" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true }, "endpoint_detection_and_response": { "type": "object", "title": "The endpoint_detection_and_response schema", "default": {}, "examples": [ { "product_name": "Endpoint Detection and Response", "plugin_version": "1.2.0.297", "reboot_reasons": 0 } ], "properties": { "product_name": { "type": "string", "title": "The product_name schema", "default": "", "examples": [ "Endpoint Detection and Response" ] }, "plugin_version": { "type": "string", "title": "The plugin_version schema", "default": "", "examples": [ "1.2.0.297" ] }, "reboot_reasons": { "type": "integer", "title": "The reboot_reasons schema", "default": 0, "examples": [ 0 ] } }, "additionalProperties": true } }, "additionalProperties": true }, 
"engine_version": { "type": "string", "title": "The engine_version schema", "default": "", "examples": [ "1.2.0.821" ] }, "policy_etag": { "type": "string", "title": "The policy_etag schema", "default": "", "examples": [ "c6ea44914b72c92cba939ac3bd369dc4" ] }, "last_user": { "type": "string", "title": "The last_user schema", "default": "", "examples": [ "SAHAMEDW8-1X86\\Administrator" ] }, "host_name": { "type": "string", "title": "The host_name schema", "default": "", "examples": [ "sahamedw8-1x86" ] }, "machine_id": { "type": "string", "title": "The machine_id schema", "default": "", "examples": [ "f2bcafe1-cb2b-4833-b6c9-6148b9511c8f" ] }, "machine_ip": { "type": "string", "title": "The machine_ip schema", "default": "", "examples": [ "216.75.233.210" ] }, "object_guid": { "type": "string", "title": "The object_guid schema", "default": "" } } }, "account": { "type": "object", "properties": { "parent": { "type": "string" }, "name": { "type": "string" }, "deleted": { "type": "boolean" } } }, "group": { "type": "object", "properties": { "account_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "id": { "type": "string" }, "machines_count": { "type": "integer" }, "name": { "type": "string" }, "policy_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "root_id": { "type": "string" } } }, "app_block": { "type": "object", "properties": { "file_path": { "type": "string" }, "app_block_rules": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "account_id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] }, "name": { "type": "string" }, "type": { "type": "string" } } } } } } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "App Block" ], "operationId": "api.nebula.search.app_block.activity" } }, "/nebula/v1/app-block/activity/search-groupby": { "post": { "description": "Search app block activity log groupby", "summary": "Search app block activity groupby", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Search groupby activity request", "type": "object", "allOf": [ { "type": "object", "title": "Search App Block Activity Request", "properties": { "sort_field": { "type": "string", "title": "Sort Field", "enum": [ "scanned_at", "status", "machine_name", "account_name", "file_path", "policy_name", "last_user", "engine_version", "group_id", "group_name", "nics.ips", "os_info.os_platform", "os_info.os_release_name", "os_info.os_type", "os_info.os_version" ] }, "sort_order": { "type": "string", "title": "Sort Order", "enum": [ "asc", "desc" ] }, "scanned_at_before": { "type": "string", "title": "Filter by scanned_at_before" }, "scanned_at_after": { "type": "string", "title": "Filter by scanned_at_after" }, "status": { "type": "string", "title": "Filter by status" }, "action_taken": { "type": "string", "title": "Filter by action taken", "examples": [ "unknown", "failed", "noActionByUser", "quarantined", "replaced", "deleteOnReboot", "replaceOnReboot", "blocked", "whitelisted", "unquarantined" ] }, "name_multi_search": { "type": 
"string", "title": "Filter by either alias, host name of fully qualified host name" }, "rule_id": { "type": "string", "title": "Filter by rule_id" }, "rule_name": { "type": "string", "title": "Filter by rule_name" }, "rule_name.keyword": { "type": "string", "title": "Filter by rule name. 'Contains' type search." }, "policy_name": { "type": "string", "title": "Filter by policy_name" }, "policy_name.keyword": { "type": "string", "title": "Filter by policy name. 'Contains' type search." }, "account_name": { "type": "string", "title": "Filter by account_name" }, "account_name.keyword": { "type": "string", "title": "Filter by account_name. 'Contains' type search" }, "last_user": { "type": "string", "title": "Filter by last_user" }, "engine_version": { "type": "string", "title": "Filter by engine_version" }, "group_id": { "type": "string", "title": "Filter by group_id" }, "group_name": { "type": "string", "title": "Filter by group_name" }, "nics.ips": { "type": "string", "title": "Filter by nic.ips" }, "os_info.os_platform": { "type": "string", "title": "Filter by os_info.os_platform" }, "os_info.os_release_name": { "type": "string", "title": "Filter by os_info.os_release_name" }, "os_info.os_release_name.keyword": { "type": "string", "title": "Filter by os_info.os_release_name. 'Contains' type search" }, "os_info.os_type": { "type": "string", "title": "Filter by os_info.os_type" }, "file_path": { "type": "string", "title": "Filter by file_path" }, "file_path.keyword": { "type": "string", "title": "Filter by file_path. 'Contains' type search." }, "os_info.os_version": { "type": "string", "title": "Filter by os_info.os_version" }, "histogram_time_zone": { "type": "string", "pattern": "^(?:Z|([+-])([0-9]{2}):?([0-9]{2}))$", "title": "Specify time zone for daily_detections_by_category and daily_app_block_by_file_path aggregations (Ex. \"+04:00\")", "examples": [ "+04:00" ] }, "start_date": { "type": "string", "title": "Get results after this date (Ex. 
\"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "end_date": { "type": "string", "title": "Get results before this date (Ex. \"2020-03-23T17:23:17.860482Z\")", "pattern": "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$", "examples": [ "2020-03-23T17:23:17.860482Z" ] }, "aggregations": { "type": "array", "title": "The Aggregations Schema", "items": { "type": "string", "title": "Aggregations", "default": [], "enum": [ "trace_id", "scan_id", "machine_id", "group_id", "account_id", "detection_id", "parent_detection_id", "correlation_hash", "status", "threat_name.keyword", "type", "path.keyword", "category", "md5", "affected_application.keyword", "process_name.keyword", "machine_name.keyword", "daily_detections_by_category", "daily_app_block_by_file_path", "protection_status", "os_info.os_release_name.keyword", "nics.ips", "nics.mac_address", "nics.description.keyword", "os_info.os_type", "os_info.os_version.keyword", "os_info.os_platform", "os_info.os_architecture", "host_name.keyword", "fully_qualified_host_name.keyword", "plugins.asset_manager.plugin_version.keyword", "plugins.asset_manager.reboot_reason", "plugins.endpoint_protection.plugin_version.keyword", "plugins.endpoint_protection.sdk_version.keyword", "plugins.endpoint_protection.component_package_version.keyword", "plugins.endpoint_protection.update_package_version.keyword", "plugins.endpoint_protection.reboot_reason", "plugins.endpoint_detection_response.plugin_version.keyword", "plugins.endpoint_detection_response.reboot_reason", "plugins.endpoint_detection_and_response.plugin_version.keyword", "plugins.endpoint_detection_and_response.reboot_reason", 
"plugins.incident_response.plugin_version.keyword", "plugins.incident_response.reboot_reason", "plugins.siem.plugin_version.keyword", "plugins.siem.reboot_reason", "plugins.browser_phishing_protection.plugin_version.keyword", "engine_version.keyword", "domain_name.keyword", "policy_etag", "last_user.keyword", "object_guid", "file_path" ] } }, "page_size": { "type": "number", "title": "The size of the page. If you only need aggregations, set it to 0", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } }, { "properties": { "group_by": { "type": "string", "title": "Group by one of the following fields", "enum": [ "account_id", "status", "machine_id", "file_path", "policy_id", "last_user", "engine_version", "group_id", "os_info.os_platform", "os_info.os_release_name", "os_info.os_type", "os_info.os_version" ] } }, "required": [ "group_by", "page_size" ] } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search App Block Activity Response", "required": [ "results", "next_cursor" ], "properties": { "results": { "type": "array", "title": "The Results Schema", "default": [], "items": { "properties": { "value": { "type": "string" }, "total": { "type": "number" } } } }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "App Block" ], "operationId": "api.nebula.search.app_block.activity.groupby" } }, "/nebula/v1/app-block/rules/search": { "post": { "description": "Search App Block Rules", "summary": "Search App Block Rules", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search App Block Rules Request", "properties": { "page_size": { "type": "number", "title": "The size of the page", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Search App Block Rules Result", "required": [ "app_block_rules", "total_count" ], "properties": { "total_count": { "title": "Total Count", "type": "number" }, "app_block_rules": { "title": "Rules list", "type": "array", "items": { "type": "object", "title": "App Block Rule", "allOf": [ { "type": "object", "title": "Create App Block Rule Schema", "required": [ "rule" ], "properties": { "rule": { "type": "object", "title": "App Block Rule", "required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
}, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." } ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "descripion": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/exapmle/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked Md5 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { 
"hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": "OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": "111", "vendor_name": "Example Vendor", "signature_id": "1111", "signature_name": "Example Signature", "product_id": "Example Product Id", "product_name": "Example Produc Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": "1111", "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, "policy_ids": { "type": "array", "title": "Policies associated with the rule", "items": { "type": "string", "title": "Policy ID" }, "examples": [ [ "59bd2afa-501c-41a5-aa8e-c5886b6c7f36", "a54d8a47-d802-49e3-88b9-e8eaf7d8f148" ] ] }, "policies_exclude": { "type": "boolean", "title": "If the property is true, the specified policies are excluded", "default": false }, "enabled": { "type": "boolean", "title": "Enable the rule", "default": true } } }, { "type": "object", "properties": { "rule": { "allOf": [ { "type": "object", "title": "App Block Rule", 
"required": [ "name", "action" ], "oneOf": [ { "title": "Files", "required": [ "files" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "File properties", "required": [ "file_properties" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Hash", "anyOf": [ { "title": "Hash MD5", "required": [ "hashes_md5" ] }, { "title": "Hash SHA1", "required": [ "hashes_sha1" ] }, { "title": "Hash SHA256", "required": [ "hashes_sha256" ] } ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Applications", "required": [ "applications" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Vendors", "required": [ "vendors" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." }, { "title": "Certificate property", "required": [ "digital_signatures" ], "errorMessage": "Rule must have only one among files, (hashes_md5 and/or hashes_sha1 and/or hashes_sha256), file_properties, applications, vendors, digital_signatures." 
} ], "properties": { "name": { "type": "string", "description": "App Block Rule Name", "examples": [ "app_block_rule_1" ] }, "action": { "type": "string", "descripion": "App Block Rule Action", "enum": [ "block", "report" ] }, "files": { "type": "array", "description": "Blocked file paths", "items": { "type": "string" }, "examples": [ [ "/example/path/1", "/exapmle/path/2" ] ] }, "file_properties": { "type": "array", "description": "Blocked file properties", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } }, "hashes_md5": { "type": "array", "description": "Blocked Md5 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha1": { "type": "array", "description": "Blocked SHA1 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "hashes_sha256": { "type": "array", "description": "Blocked SHA256 hashes", "items": { "type": "object", "properties": { "hash": { "type": "string" }, "size": { "type": "number" } } }, "examples": [ [ { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 123 }, { "hash": "36c5d12033b2eaf251bae61c00690ffb17fddc87", "size": 456 } ] ] }, "applications": { "type": "array", "description": "Blocked Applications", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" }, "signature_id": { "type": "integer", "description": "OPSWAT Signature Id" }, "signature_name": { "type": "string", "description": 
"OPSWAT Signature Name" }, "product_name": { "type": "string", "description": "OPSWAT Product Name" }, "product_id": { "type": "integer", "description": "OPSWAT Product ID" } }, "required": [ "signature_id" ] }, "examples": [ [ { "vendor_id": "111", "vendor_name": "Example Vendor", "signature_id": "1111", "signature_name": "Example Signature", "product_id": "Example Product Id", "product_name": "Example Produc Name" } ] ] }, "vendors": { "type": "array", "description": "Blocked Vendors", "items": { "type": "object", "properties": { "vendor_id": { "type": "integer", "description": "OPSWAT Vendor Id" }, "vendor_name": { "type": "string", "description": "OPSWAT Vendor Name" } } }, "examples": [ [ { "vendor_id": "1111", "vendor_name": "Example Vendor" } ] ] }, "digital_signatures": { "type": "array", "description": "Blocked digital signatures", "items": { "type": "object", "properties": { "property": { "type": "string" }, "value": { "type": "string" } } } } } }, { "required": [ "id" ], "properties": { "id": { "type": "string", "examples": [ "3606af9f-f539-426c-be76-6f9bc18531e2" ] } } } ] }, "created_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "created_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "updated_at": { "type": "string", "examples": [ "2022-11-09T14:34:04.181428Z" ] }, "updated_by": { "type": "string", "examples": [ "a197e54e-facb-4767-81fe-1e55bd34f0c9" ] }, "policies": { "type": "array", "items": { "type": "object", "properties": { "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "accounts": { "type": "array", "items": { "type": "object", "properties": { "account_id": { "type": "string" }, "account_name": { "type": "string" }, "deleted_at": { "type": "string" } } } }, "type": { "type": "string", "examples": [ "files", "hashes", "file_properties", "applications", "vendors", "digital_signatures" ] } } } ] } }, "next_cursor": { 
"type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "App Block" ], "operationId": "api.nebula.search.app_block_rule" } }, "/nebula/v1/installation-token/{token}": { "delete": { "description": "Revoke an installation token that has not been used yet.", "summary": "Revoke installation token", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "token", "required": true, "in": "path", "description": "The token id that is going to be revoked", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Installation token", "examples": [ { "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "id": "7qM4", "token": "7qM4-aSdF", "created_by": "5583ddb6-bb2f-42f1-b455-819d373a1b15", "created_at": "2022-09-14T15:10:48.68866Z", "used_at": null, "expires_at": "2022-10-14T15:10:48.68866Z", "sent_to": "aatakan@malwarebytes.com" } ], "properties": { "account_id": { "type": "string", "title": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "id": { "type": "string", "title": "ID of the Token" }, "token": { "type": "string", "title": "Token (only visible during creation)" }, "created_by": { "type": "string", "title": "User ID that created the token (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_at": { "type": "string", "title": "The time when token is created" }, "used_at": { "type": [ "string", "null" ], "title": "The time when token is used" }, "expires_at": { "type": "string", "title": "The time when token will be expired" }, "sent_to": { "type": [ "string", "null" ], "title": "The email address token is sent to" } } } } } } }, "tags": [ "Installation Tokens" ], "operationId": "api.nebula.delete.installation-token" } }, "/nebula/v1/installation-token": { "get": { "description": "List the installation tokens generated or used", "summary": "Get installation tokens", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "sort_by", "required": false, "in": "query", "description": "Field to sort with", "schema": { "type": "string", "enum": [ "created_at", "used_at", "expires_at" ] } }, { "name": "sort_order", "required": false, "in": "query", "description": "Sort order", "schema": { "type": "string", "enum": [ "asc", "desc" ] } }, { "name": "include_used", "required": false, "in": "query", "description": "Include or exclude the used tokens", "schema": { "type": "boolean" } }, { "name": "include_expired", "required": false, "in": "query", "description": "Include or exclude the expired tokens", "schema": { "type": "boolean" } }, { "name": "populate", "required": false, "in": "query", "description": "Specify whether you need to populate the server's response with additional data, like account info or last task", "schema": { "type": "object" } }, { "name": "page_size", "required": false, "in": "query", "description": "The size of the page", "schema": { "type": "string", "pattern": "^1?\\d{1,3}$" } }, { "name": "start_index", "required": false, "in": "query", "description": "The index of the first element", "schema": { "type": "string", "pattern": "\\d+$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "List all installation tokens", "required": [ "installation_tokens", "total_count" ], "properties": { "installation_tokens": { "type": "array", "title": "List of installation tokens", "items": { "type": "object", "title": "Installation token", "examples": [ { "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "id": "7qM4", "token": "7qM4-aSdF", "created_by": "5583ddb6-bb2f-42f1-b455-819d373a1b15", "created_at": "2022-09-14T15:10:48.68866Z", "used_at": null, "expires_at": "2022-10-14T15:10:48.68866Z", "sent_to": 
"aatakan@malwarebytes.com" } ], "properties": { "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "id": { "type": "string", "title": "ID of the token" }, "token": { "type": "string", "title": "Token value (only visible during creation)" }, "created_by": { "type": "string", "title": "User ID that created the token (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_at": { "type": "string", "title": "Time the token was created" }, "used_at": { "type": [ "string", "null" ], "title": "Time the token was used (null if unused)" }, "expires_at": { "type": "string", "title": "Time the token expires" }, "sent_to": { "type": [ "string", "null" ], "title": "Email address the token was sent to (null if not sent)" } } } }, "total_count": { "type": "integer", "title": "Total Count", "description": "Total count of results." } } } } } } }, "tags": [ "Installation Tokens" ], "operationId": "api.nebula.get.installation-token" }, "post": { "description": "Generate a new installation token. The `token` value is returned only in this response and is not returned by later calls, so handle it as a secret. Note that this operation is declared under the `read` scope.", "summary": "Generate an installation token", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Installation token", "examples": [ { "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "id": "7qM4", "token": "7qM4-aSdF", "created_by": "5583ddb6-bb2f-42f1-b455-819d373a1b15", "created_at": "2022-09-14T15:10:48.68866Z", "used_at": null, "expires_at": "2022-10-14T15:10:48.68866Z", "sent_to": "aatakan@malwarebytes.com" } ], "properties": { "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "id": { "type": "string", "title": "ID of the Token" }, "token": { "type": "string", "title": "Token (only visible during creation)" }, "created_by": { "type": "string", "title": "User ID that created the token (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "created_at": { "type": "string", "title": "Time the token was created" }, "used_at": { "type": [ "string", "null" ], "title": "Time the token was used (null if unused)" }, "expires_at": { "type": "string", "title": "Time the token expires" }, "sent_to": { "type": [ "string", "null" ], "title": "Email address the token was sent to (null if not sent)" } } } } } } }, "tags": [ "Installation Tokens" ], "operationId": "api.nebula.post.installation-token" } }, "/nebula/v1/installation-token/send": { "post": { "description": "Send installation tokens to a batch of email addresses", "summary": "Send installation tokens", "security": [ { "client_credentials": [ "write", "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "List of emails that installation tokens will be delivered to", "additionalProperties": false, "required": [ "emails" ], "properties": { "emails": { "type": "array", "title": "List of emails", "items": { "type": "string", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" } } } } } } }, "responses": {}, "tags": [ "Installation Tokens" ], "operationId": "api.nebula.post.send-installation-token" } }, "/nebula/v1/accounts/{account_id}/preferences/notifications": { "get": { "description": "Get notifications delivery preferences", "summary": "Get notifications preferences", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "account_id", "required": true, "in": "path", "description": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "Notifications options", "type": "object", "properties": { "webhook": { "title": "Webhook", "type": "boolean", "default": true }, "email": { "title": "Email", "type": "boolean", "default": true }, "slack": { "title": "Slack", "type": "boolean", "default": true }, "teams": { "title": "Teams", "type": "boolean", "default": true }, "mobile": { "title": "Mobile App (for Nebula only)", "type": "boolean", "default": true } } } } } } }, "tags": [ "Preferences" ], "operationId": "api.rmm.get.preferences.notifications" }, "put": { "description": "Set notification delivery preferences", "summary": "Set notification preferences", "security": [ { "client_credentials": [ "read", "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "account_id", "required": true, "in": "path", "description": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "Notifications options", "type": "object", "properties": { "webhook": { "title": "Webhook", "type": "boolean", "default": true }, "email": { "title": "Email", "type": "boolean", "default": true }, "slack": { "title": "Slack", "type": "boolean", "default": true }, "teams": { "title": "Teams", "type": "boolean", "default": true }, "mobile": { "title": "Mobile App (for Nebula only)", "type": "boolean", "default": true } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "Notifications options", "type": "object", "properties": { "webhook": { "title": "Webhook", "type": "boolean", "default": true }, "email": { "title": "Email", "type": "boolean", "default": true }, "slack": { "title": "Slack", "type": "boolean", "default": true }, "teams": { "title": "Teams", "type": "boolean", "default": true }, "mobile": { "title": "Mobile App (for Nebula only)", "type": "boolean", "default": true } } } } } } }, "tags": [ "Preferences" ], "operationId": "api.rmm.put.preferences.notifications" } }, "/nebula/v1/mdr/config": { "post": { "description": "Configure managed service (MDR/MTH/MXDR) settings", "summary": "Configure managed settings", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": 
true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "MDR configuration object", "additionalProperties": true, "properties": { "primary_contact": { "type": "object", "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "secondary_contact": { "type": [ "object", "null" ], "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "tertiary_contact": { "type": [ "object", "null" ], "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "endpoint_isolation": { "title": "Endpoint isolation", "type": "boolean" }, "additional_recipients": { "type": [ "array", "null" ], "title": "Additional recipients", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "collaboration_method": { "title": "Collaboration method", "type": "string", "enum": [ "Do it for me", "Notify 
only", "Collaborate", "MTH / Managed Threat Hunting", "XDR" ] }, "is_trial": { "title": "Is trial", "type": "boolean" } } } } } }, "responses": { "200": { "description": "Successful response" } }, "tags": [ "MDR" ], "operationId": "api.nebula.mdr.config.post" }, "get": { "description": "Get managed service (MDR/MTH/MXDR) settings", "summary": "Get managed settings", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "MDR configuration object", "additionalProperties": true, "properties": { "primary_contact": { "type": "object", "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "secondary_contact": { "type": [ "object", "null" ], "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "tertiary_contact": { "type": [ "object", "null" ], "properties": { "user_id": { "type": "string", "title": "User ID", "pattern": 
"[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "phone": { "type": "string", "title": "Phone number" }, "email": { "type": "string", "title": "Email" } } }, "endpoint_isolation": { "title": "Endpoint isolation", "type": "boolean" }, "additional_recipients": { "type": [ "array", "null" ], "title": "Additional recipients", "items": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } }, "collaboration_method": { "title": "Collaboration method", "type": "string", "enum": [ "Do it for me", "Notify only", "Collaborate", "MTH / Managed Threat Hunting", "XDR" ] }, "is_trial": { "title": "Is trial", "type": "boolean" } } } } } } }, "tags": [ "MDR" ], "operationId": "api.nebula.mdr.config.get" } }, "/nebula/v1/firewall/policies": { "post": { "description": "Create a new firewall policy", "summary": "Create a new firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create firewall policy", "required": [ "name", "allow_store", "enabled" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Whether the agent is sent the Firewall plugin." }, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type (1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "policies": { "type": "array", "title": "Policy IDs", "items": { "type": "string", "format": "uuid" } }, "rulesets": { "type": "array", "title": "Ruleset IDs", "items": { "type": "string", "format": "uuid" } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" },
"allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Whether the agent is sent the Firewall plugin." }, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type (1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall ruleset ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, 
"rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicates whether the rule is a default rule" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicates whether the ruleset is a default ruleset" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", 
"title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.post.firewall.policy" }, "get": { "description": "Get firewall policies", "summary": "Get firewall policies", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "page_size", "required": false, "in": "query", "schema": { "type": "number" } }, { "name": "next_cursor", "required": false, "in": "query", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall policies response", "properties": { "total": { "type": "number", "title": "Total number of firewall policies" }, "policies": { "type": "array", "title": "Firewall policies", "items": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Whether the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type (1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall ruleset ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicates whether the rule is a default rule" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicates whether the ruleset is a default ruleset" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.policies" } }, "/nebula/v1/firewall/rules": { "post": { "description": 
"Create a new firewall rule", "summary": "Create a new firewall rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create firewall rule", "required": [ "name", "action", "direction", "enabled", "os_type" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", 
"description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": 
"string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "protocol": { "type": "integer", "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ], "default": 256 }, "rulesets": { "type": "array", "title": "Ruleset IDs", "items": { "type": "string" } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": 
"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": 
"^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.post.firewall.rule" }, "get": { "description": "Get firewall rules", "summary": "Get firewall rules", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "page_size", "required": false, "in": "query", "schema": { "type": "number" } }, { "name": "next_cursor", "required": false, "in": "query", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall rules response", "properties": { "total": { "type": "number", "title": "Total number of firewall rules" }, "rules": { "type": "array", "title": "Firewall rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 
address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, 
"remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } } } } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.rules" } }, "/nebula/v1/firewall/rulesets": { "post": { "description": "Create a new firewall ruleset", "summary": "Create a new firewall ruleset", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": 
"string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create firewall ruleset", "required": [ "name" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "rules": { "type": "array", "title": "Rule IDs", "items": { "type": "string", "format": "uuid" } }, "firewall_policies": { "type": "array", "title": "Firewall policy IDs", "items": { "type": "string", "format": "uuid" } } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { 
"type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.post.firewall.ruleset" }, "get": { "description": "Get firewall rulesets", "summary": "Get firewall rulesets", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": 
"string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "page_size", "required": false, "in": "query", "schema": { "type": "number" } }, { "name": "next_cursor", "required": false, "in": "query", "schema": { "type": "string" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall rulesets response", "properties": { "total": { "type": "number", "title": "Total number of firewall rulesets" }, "rulesets": { "type": "array", "title": "Firewall rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": 
"Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": 
"explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.rulesets" } }, "/nebula/v1/firewall/policies/{id}": { "delete": { "description": "Delete a firewall policy", "summary": "Delete a firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.policy" }, "get": { "description": "Get a firewall policy", "summary": "Get a firewall policy", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_policy]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. Formatted as comma separated list of fields. 
Allowed fields are: id, created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, profiles, allow_store, report_frequency, version.", "schema": { "type": "string", "pattern": "^((?:id|created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|profiles|allow_store|report_frequency|version|enabled)(?:,|$))+$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." }, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": 
"string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": 
"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})
)$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, 
"updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.policy" }, "put": { "description": "Update a firewall policy", "summary": "Update a firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_policy]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. Formatted as comma separated list of fields. 
Allowed fields are: id, created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, profiles, allow_store, report_frequency, version.", "schema": { "type": "string", "pattern": "^((?:id|created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|profiles|allow_store|report_frequency|version|enabled)(?:,|$))+$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Create firewall policy", "anyOf": [ { "required": [ "name" ] }, { "required": [ "description" ] }, { "required": [ "profiles" ] }, { "required": [ "allow_store" ] }, { "required": [ "enabled" ] }, { "required": [ "report_frequency" ] } ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.put.firewall.policy" } }, "/nebula/v1/firewall/policies/{id}/policies": { "delete": { 
"description": "Delete policies from firewall policy", "summary": "Delete policies from firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set policies on firewall policy", "type": "object", "required": [ "policies" ], "properties": { "policies": { "type": "array", "description": "Policy IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.policies.policies" }, "put": { "description": "Set policies for firewall 
policy", "summary": "Set policies for firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set policies on firewall policy", "type": "object", "required": [ "policies" ], "properties": { "policies": { "type": "array", "description": "Policy IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.set.firewall.policies.policies" } }, "/nebula/v1/firewall/policies/{id}/rulesets": { "delete": 
{ "description": "Delete rulesets from firewall policy", "summary": "Delete rulesets from firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set rulesets on firewall policy", "type": "object", "required": [ "rulesets" ], "properties": { "rulesets": { "type": "array", "description": "Ruleset IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.policies.rulesets" }, "put": { "description": "Set rulesets for firewall 
policy", "summary": "Set rulesets for firewall policy", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set rulesets on firewall policy", "type": "object", "required": [ "rulesets" ], "properties": { "rulesets": { "type": "array", "description": "Ruleset IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall policy response", "type": "object", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall policy", "properties": { "name": { "type": "string", "title": "Firewall policy name" }, "description": { "type": "string", "title": "Firewall policy description" }, "allow_store": { "type": "boolean", "title": "Allow store" }, "enabled": { "type": "boolean", "title": "Enabled controls if the agent is sent the Firewall plugin." 
}, "profiles": { "type": "array", "title": "Profiles", "items": { "type": "object", "title": "Firewall profile", "properties": { "type": { "type": "number", "title": "Firewall profile type(1=Domain, 2=Private, 4=Public)", "enum": [ 1, 2, 4 ] }, "firewall_enabled": { "type": "boolean", "title": "Firewall enabled" }, "inbound_mode": { "type": "string", "title": "Inbound mode", "enum": [ "ALLOW", "BLOCK", "BLOCK_ALL" ] }, "outbound_mode": { "type": "string", "title": "Outbound mode", "enum": [ "ALLOW", "BLOCK" ] } } } }, "report_frequency": { "type": "number", "title": "Report frequency in minutes", "minimum": 5, "default": 60, "maximum": 1440 } } }, { "properties": { "id": { "type": "string", "title": "Firewall policy ID" }, "rulesets": { "type": "array", "title": "Rulesets", "items": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall 
rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit 
IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } }, "policies": { "type": "array", "items": { "type": "object" } }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.set.firewall.policies.rulesets" } }, "/nebula/v1/firewall/rules/{id}": { "delete": { 
"description": "Delete a firewall rule", "summary": "Delete a firewall rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.rule" }, "get": { "description": "Get a firewall rule", "summary": "Get a firewall rule", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_rule]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. 
Formatted as comma separated list of fields. Allowed fields are: created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, version, program, action, direction, enabled, location, local_addresses, local_ports, remote_addresses, remote_ports, protocol, service, os_type.", "schema": { "type": "string", "pattern": "^((?:created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|version|program|action|direction|enabled|location|local_addresses|local_ports|remote_addresses|remote_ports|protocol|service|os_type|edge_traversal|icmp_types)(?:,|$))+$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": 
"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})
)$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.rule" }, "put": { "description": "Update a firewall rule", "summary": "Update a firewall rule", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, 
"in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_rule]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. Formatted as comma separated list of fields. Allowed fields are: created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, version, program, action, direction, enabled, location, local_addresses, local_ports, remote_addresses, remote_ports, protocol, service, os_type.", "schema": { "type": "string", "pattern": "^((?:created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|version|program|action|direction|enabled|location|local_addresses|local_ports|remote_addresses|remote_ports|protocol|service|os_type|edge_traversal|icmp_types)(?:,|$))+$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Update firewall rule", "anyOf": [ { "required": [ "name" ] }, { "required": [ "description" ] }, { "required": [ "program" ] }, { "required": [ "action" ] }, { "required": [ "direction" ] }, { "required": [ "enabled" ] }, { "required": [ "location" ] }, { "required": [ "local_addresses" ] }, { "required": [ "local_ports" ] }, { "required": [ "remote_addresses" ] }, { "required": [ "remote_ports" ] }, { "required": [ "protocol" ] }, { "required": [ "service" ] }, { "required": [ "os_type" ] } ], "allOf": [ { 
"type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": 
"string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.put.firewall.rule" } }, "/nebula/v1/firewall/rulesets/{id}/rules": { "delete": { "description": "Delete rules from firewall ruleset", "summary": "Delete rules from firewall ruleset", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set rules on firewall ruleset", "type": "object", "required": [ "rules" ], "properties": { "rules": { "type": "array", "description": "Rule IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { 
"type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.ruleset.rules" }, "put": { "description": "Set rules for firewall ruleset", "summary": "Set rules for firewall ruleset", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Set rules on firewall ruleset", "type": "object", "required": [ "rules" ], "properties": { "rules": { "type": "array", "description": "Rule IDs", "items": { "type": "string", "format": "uuid" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { 
"type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicated whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicated whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.set.firewall.ruleset.rules" } }, "/nebula/v1/firewall/rulesets/{id}": { "delete": { "description": "Delete a firewall ruleset", "summary": "Delete a firewall ruleset", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", 
"description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.delete.firewall.ruleset" }, "get": { "description": "Get a firewall ruleset", "summary": "Get a firewall ruleset", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_ruleset]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. Formatted as comma separated list of fields. 
Allowed fields are created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, version.", "schema": { "type": "string", "pattern": "^((?:created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|version)(?:,|$))+$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ 
"IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": "^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": 
"^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, "remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. 
(1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicates whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicates whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.ruleset" }, "put": { "description": "Update a firewall ruleset", "summary": "Update a firewall ruleset", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", "description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "fields[firewall_ruleset]", "required": false, "in": "query", "description": "Specify which fields will be included in the response. Formatted as a comma-separated list of fields. Allowed fields are created_at, updated_at, created_by, updated_by, account_id, parent_account_id, name, description, version.", "schema": { "type": "string", "pattern": "^((?:created_at|updated_at|created_by|updated_by|account_id|parent_account_id|name|description|version)(?:,|$))+$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Update firewall ruleset", "anyOf": [ { "required": [ "name" ] }, { "required": [ "description" ] } ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } } ] } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Get firewall ruleset response", "type": "object", "required": [ "id" ], "allOf": [ { "title": "Firewall ruleset", "type": "object", "properties": { "name": { "type": "string", "title": "Firewall ruleset name" }, "description": { "type": "string", "title": "Firewall ruleset description" } } }, { "properties": { "id": { "type": "string", "title": "Firewall ruleset ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": 
{ "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "rules": { "type": "array", "title": "Rules", "items": { "type": "object", "title": "Get firewall rule response", "required": [ "id" ], "allOf": [ { "type": "object", "title": "Firewall rule", "properties": { "name": { "type": "string", "title": "Firewall rule name" }, "description": { "type": "string", "title": "Firewall rule description" }, "program": { "type": "string", "title": "Firewall rule program" }, "action": { "type": "string", "title": "Firewall rule action", "enum": [ "ALLOW", "BLOCK" ] }, "direction": { "type": "string", "title": "Firewall rule direction", "enum": [ "IN", "OUT" ] }, "enabled": { "type": "boolean", "title": "Enabled" }, "location": { "type": "number", "title": "Location" }, "local_addresses": { "type": "array", "title": "Local addresses", "items": { "anyOf": [ { "type": "string", "description": "local IPv4 address", "format": "ipv4" }, { "type": "string", "description": "local explicit IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(-)(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" }, { "type": "string", "description": "local CIDR IPv4 range", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[012])$" }, { "type": "string", "description": "IPv6 address", "format": "ipv6" }, { "type": "string", "description": "IPv6 range CIDR", "pattern": 
"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}/[0-9]{1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}/[0-9]{1,3}$|^[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}/[0-9]{1,3}$|^:(?::[0-9a-fA-F]{1,4}){1,7}/[0-9]{1,3}$|^fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}/[0-9]{1,3}$|^::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3})/[0-9]{1,3}$|^::/[0-9]{1,3}$" }, { "type": "string", "description": "explicit IPv6 range", "pattern": "^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))-(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(:0{1,4}){0,1}:){0,1}((?:[0-9]{1,3}\\.){3}[0-9]{1,3}))$" }, { "type": "string", "const": "LocalSubnet" } ] } }, "local_ports": { "type": "array", "title": "Local ports", "items": { "type": "string" } }, "remote_addresses": { "type": "array", "title": "Remote addresses", "items": { "type": "string" } }, 
"remote_ports": { "type": "array", "title": "Remote ports", "items": { "type": "string" } }, "protocol": { "type": [ "integer", "null" ], "description": "Protocol number (1=ICMPv4, 6=TCP, 17=UDP, 58=ICMPv6, 256=ANY)", "enum": [ 0, 1, 2, 6, 17, 41, 43, 44, 47, 50, 51, 58, 59, 60, 112, 113, 115, 256 ] }, "service": { "type": "string" }, "os_type": { "type": "integer", "description": "The OS type to which the rule applies. (1=workstation, 2=server, 3=both)", "enum": [ 1, 2, 3 ] } } }, { "properties": { "id": { "type": "string", "title": "Firewall rule ID" }, "created_at": { "type": "string", "title": "Created at", "format": "date-time" }, "updated_at": { "type": "string", "title": "Updated at", "format": "date-time" }, "deleted_at": { "type": "string", "title": "Deleted at", "format": "date-time" }, "created_by": { "type": "string", "title": "Created by" }, "updated_by": { "type": "string", "title": "Updated by" }, "deleted_by": { "type": "string", "title": "Deleted by" }, "account_id": { "type": "string", "title": "Account ID", "format": "uuid" }, "parent_account_id": { "type": "string", "title": "Parent account ID", "format": "uuid" }, "etag": { "type": "string", "title": "ETag" }, "is_default": { "type": "boolean", "title": "Indicates whether the rule is default" }, "edge_traversal": { "type": "integer", "title": "Edge traversal" }, "icmp_types": { "type": "string", "description": "ICMP types" } } } ] } }, "is_default": { "type": "boolean", "title": "Indicates whether the ruleset is default" }, "internal_name": { "type": "string", "title": "Internal name" } } } ] } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.put.firewall.ruleset" } }, "/nebula/v1/firewall/policies/{id}/history": { "get": { "description": "Get firewall policy history", "summary": "Get firewall policy history", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "id", "required": true, "in": "path", 
"description": "Valid UUID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "Firewall policy history", "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "timestamp": { "type": "string" }, "entity_type": { "type": "string" }, "entity_id": { "type": "string" }, "operation": { "type": "string" }, "relation_id": { "type": "string" }, "relation_entity_type": { "type": "string" }, "user_id": { "type": [ "string", "null" ] } } } } } } } }, "tags": [ "Firewall Management" ], "operationId": "api.nebula.get.firewall.policy.history" } }, "/nebula/v1/casemgmt/cases/comments": { "get": { "description": "Get cases comments", "summary": "Get cases comments", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "array", "title": "Case comments response", "examples": [ [ { "comment": null, "lastEditorId": null, "lastEditorFullName": null, "fileId": 1002, "fileType": null, "fileName": null, "isDeleted": false, "creatorUserId": "Automation", "creatorFullName": null, "id": 1002, "type": 4, "caseId": 56, "isFavorite": false, "modificationTimeUnixTimeInMs": 1725537349316, "creationTimeUnixTimeInMs": 1725537349316, "alertIdentifier": "f7099fbd-1e1e-54dc-a8fb-dddef362f715" } ] ], "items": [ { "type": "object", "properties": { "comment": { "type": "string", "title": "comment", "default": "" }, "lastEditorId": { "type": "string", "title": "lastEditorId", "default": "" }, "lastEditorFullName": { "type": "string", "title": "lastEditorFullName", "default": "" }, "fileId": { "type": "number", "title": "fileId", "default": 0 }, "fileType": { "type": "string", "title": "fileType", "default": "" }, "fileName": { "type": "string", "title": "fileName", "default": "" }, "isDeleted": { "type": "boolean", "title": "isDeleted", "default": false }, "creatorUserId": { "type": "string", "title": "creatorUserId", "default": "" }, "creatorFullName": { "type": "string", "title": "creatorFullName", "default": "" }, "alertIdentifier": { "type": "string", "title": "alertIdentifier", "default": "" }, "id": { "type": "number", "title": "id", "default": 0 }, "type": { "type": "number", "title": "type", "default": 0 }, "caseId": { "type": "number", "title": "caseId", "default": 0 }, "isFavorite": { "type": "boolean", "title": "isFavorite", "default": false }, "modificationTimeUnixTimeInMs": { "type": "number", "title": "modificationTimeUnixTimeInMs", "default": 0 }, 
"creationTimeUnixTimeInMs": { "type": "number", "title": "creationTimeUnixTimeInMs", "default": 0 } } } ] } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.comments.get" }, "post": { "description": "Post cases comments", "summary": "Post cases comments", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "region", "required": true, "in": "query", "description": "Region", "schema": { "type": "string", "enum": [ "us", "emea", "secops" ] } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Post Case Comments", "required": [ "caseId", "alertIdentifier" ], "properties": { "caseId": { "type": "number", "title": "caseId" }, "alertIdentifier": { "type": "string", "title": "alertIdentifier" }, "base64Blob": { "type": "string", "title": "base64Blob" }, "fileType": { "type": "string", "title": "fileType" }, "fileName": { "type": "string", "title": "fileName" }, "comment": { "type": "string", "title": "comment" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Post cases comments response", "examples": [ { "comment": null, "lastEditorId": null, "lastEditorFullName": null, "fileId": 1013, "fileType": null, "fileName": null, "isDeleted": false, "creatorUserId": "Automation", "creatorFullName": null, "id": 1013, "type": 4, "caseId": 71, "isFavorite": false, "modificationTimeUnixTimeInMs": 
1725968640120, "creationTimeUnixTimeInMs": 1725968640120, "alertIdentifier": "(DE) MALWARE.AI.40000000000_6940B0D9-7A3D-5132-BDBE-BFFD23100ED3" } ], "properties": { "comment": { "type": "string" }, "lastEditorId": { "type": "string" }, "lastEditorFullName": { "type": "string" }, "fileId": { "type": "integer" }, "fileType": { "type": "string" }, "fileName": { "type": "string" }, "isDeleted": { "type": "boolean" }, "creatorUserId": { "type": "string" }, "creatorFullName": { "type": "string" }, "id": { "type": "integer" }, "type": { "type": "integer" }, "caseId": { "type": "integer" }, "isFavorite": { "type": "boolean" }, "modificationTimeUnixTimeInMs": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "alertIdentifier": { "type": "string" } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.comments.post" } }, "/nebula/v1/casemgmt/cases/file": { "get": { "description": "Get cases file", "summary": "Get cases file", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "string", "title": "Case file response" } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.file.get" } }, "/nebula/v1/casemgmt/cases/overview": { "get": { "description": "Get cases overview", "summary": "Get cases overview", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Case overview response", "examples": [ { "id": 56, "creationTimeUnixTimeInMs": 1712752654954, "modificationTimeUnixTimeInMs": 1725621115026, "name": "(DE) Roh-Det : Trojan.MBAMTest", "priority": -1, "isImportant": false, "isIncident": false, "startTimeUnixTimeInMs": 1712752702240, "endTimeUnixTimeInMs": 1712752702240, "assignedUser": "a57505c2-5722-46e7-a48d-9be35eab21b3", "description": null, "isTestCase": false, "type": 0, "stage": "Triage", "environment": "rFmzqNuFQ MSP - Rohin MDR 23c7cf8b-8336-43c2-82f5-853ec1e8c77f", "status": 2, "incidentId": null, "tags": [], "alertCards": [ { "id": 1147, "creationTimeUnixTimeInMs": 1712752655013, "modificationTimeUnixTimeInMs": 1712753155482, 
"identifier": "(DE) TROJAN.MBAMTEST_F7099FBD-1E1E-54DC-A8FB-DDDEF362F715", "status": 1, "name": "(DE) TROJAN.MBAMTEST", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752654479, "endTime": 1712752654479, "alertGroupIdentifier": "(DE) Roh-Det : Trojan.MBAMTestDm9dcjlFtCDNdnPLPIFOnsVICG0SSdpGUjBZv16LRLI=_d5f61ec2-c5a5-4a77-8ac1-2e945af34b90", "eventsCount": 1, "title": "(DE) TROJAN.MBAMTEST", "ruleGenerator": "(DE) Roh-Det : Trojan.MBAMTest", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null }, { "id": 1150, "creationTimeUnixTimeInMs": 1712752656390, "modificationTimeUnixTimeInMs": 1712753155482, "identifier": "(DE) EXPLOIT_6CFD4680-B796-5867-AE89-5D458F9BD784", "status": 1, "name": "(DE) EXPLOIT", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752654792, "endTime": 1712752654792, "alertGroupIdentifier": "(DE) Roh-Det : exploit/dABfai6Wvrd8qF9KVQbUm4gtUoufyW+w0jydVP4XMk=_0d5510de-41b4-4f59-8af4-aeb7f0d6c8f6", "eventsCount": 1, "title": "(DE) EXPLOIT", "ruleGenerator": "(DE) Roh-Det : exploit", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null }, { "id": 1151, "creationTimeUnixTimeInMs": 1712752656785, "modificationTimeUnixTimeInMs": 1712753155482, "identifier": "(DE) RANSOMWARE.SCRIPT_259CF705-6EC6-53C7-889A-150EDEA3F54C", "status": 1, 
"name": "(DE) RANSOMWARE.SCRIPT", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752654883, "endTime": 1712752654883, "alertGroupIdentifier": "(DE) Roh-Det : ransomware.scriptVF1KEvOwxSsd+oBQtb3ejxdVqFP1wPn0QkHKk9wqpbU=_0a660865-9c60-4bf9-8b7e-6d2c8a708542", "eventsCount": 1, "title": "(DE) RANSOMWARE.SCRIPT", "ruleGenerator": "(DE) Roh-Det : ransomware.script", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null }, { "id": 1152, "creationTimeUnixTimeInMs": 1712752702820, "modificationTimeUnixTimeInMs": 1712753155482, "identifier": "(DE) TROJAN.MBAMTEST_08E0B2F2-DBE4-5A05-BDD0-4D2D6DB51843", "status": 1, "name": "(DE) TROJAN.MBAMTEST", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752702240, "endTime": 1712752702240, "alertGroupIdentifier": "(DE) Roh-Det : Trojan.MBAMTestOiDuUIAKA7iFZUhTraRGsycSGJwPpaJkuWH9HJRyoDs=_b031eded-9dc0-4434-94fc-aa37080074ca", "eventsCount": 1, "title": "(DE) TROJAN.MBAMTEST", "ruleGenerator": "(DE) Roh-Det : Trojan.MBAMTest", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null }, { "id": 1148, "creationTimeUnixTimeInMs": 1712752655618, "modificationTimeUnixTimeInMs": 1712753155482, "identifier": "(DE) TROJAN.MBAMTEST_B51E80C8-B790-50E4-8CBF-0053A7E00D42", "status": 1, "name": "(DE) TROJAN.MBAMTEST", "priority": 
-1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752654559, "endTime": 1712752654559, "alertGroupIdentifier": "(DE) Roh-Det : Trojan.MBAMTestpcDwx3p0RzHE2VIDDcxpkQqOYQoP/FRZzQGEIcmShCU=_c883249d-320a-473e-b22a-319bfdb33b15", "eventsCount": 1, "title": "(DE) TROJAN.MBAMTEST", "ruleGenerator": "(DE) Roh-Det : Trojan.MBAMTest", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null }, { "id": 1149, "creationTimeUnixTimeInMs": 1712752656010, "modificationTimeUnixTimeInMs": 1712753155482, "identifier": "(DE) TROJAN.MBAMTEST_6CD3644B-81A6-5318-91AA-7589EA8B6AA4", "status": 1, "name": "(DE) TROJAN.MBAMTEST", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712752654674, "endTime": 1712752654674, "alertGroupIdentifier": "(DE) Roh-Det : Trojan.MBAMTestKQK/CII8WWRWIr6/TsaqUpVe9+9hMI1Ng0aWbRRbHKc=_569a6ac7-949f-4e6f-bd64-9d940e3dba85", "eventsCount": 1, "title": "(DE) TROJAN.MBAMTEST", "ruleGenerator": "(DE) Roh-Det : Trojan.MBAMTest", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": null, "siemAlertId": null } ], "isOverflowCase": false, "isManualCase": false, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "stageSlaExpirationUnixTimeInMs": null, "stageSlaCriticalExpirationUnixTimeInMs": null, "canOpenIncident": false, "sla": { "slaExpirationTime": null, 
"criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "stageSla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "relatedAlertTicketId": null } ], "properties": { "id": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "modificationTimeUnixTimeInMs": { "type": "integer" }, "name": { "type": "string" }, "priority": { "type": "integer" }, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "startTimeUnixTimeInMs": { "type": "integer" }, "endTimeUnixTimeInMs": { "type": "integer" }, "assignedUser": { "type": "string" }, "description": { "type": "string" }, "isTestCase": { "type": "boolean" }, "type": { "type": "integer" }, "stage": { "type": "string" }, "environment": { "type": "string" }, "status": { "type": "integer" }, "incidentId": { "type": "integer" }, "tags": { "type": "array", "items": [ { "type": "string" } ] }, "alertCards": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "modificationTimeUnixTimeInMs": { "type": "integer" }, "identifier": { "type": "string" }, "status": { "type": "integer" }, "name": { "type": "string" }, "priority": { "type": "integer" }, "workflowsStatus": { "type": "integer" }, "slaExpirationUnixTime": { "type": "integer" }, "slaCriticalExpirationUnixTime": { "type": "integer" }, "startTime": { "type": "integer" }, "endTime": { "type": "integer" }, "alertGroupIdentifier": { "type": "string" }, "eventsCount": { "type": "integer" }, "title": { "type": "string" }, "ruleGenerator": { "type": "string" }, "deviceProduct": { "type": "string" }, "deviceVendor": { "type": "string" }, "playbookAttached": { "type": "string" }, "playbookRunCount": { "type": "integer" }, "isManualAlert": { "type": "boolean" }, "sla": { "type": "object" }, "fieldsGroups": { "type": "array", "items": [ { "type": 
"object", "properties": { "order": { "type": "integer" }, "groupName": { "type": "string" }, "isIntegration": { "type": "boolean" }, "isHighlight": { "type": "boolean" }, "items": { "type": "array", "items": [ { "type": "object" } ] } } } ] }, "sourceUrl": { "type": "string" }, "sourceRuleUrl": { "type": "string" }, "siemAlertId": { "type": "string" } } } ] }, "isOverflowCase": { "type": "boolean" }, "isManualCase": { "type": "boolean" }, "slaExpirationUnixTime": { "type": "integer" }, "slaCriticalExpirationUnixTime": { "type": "integer" }, "stageSlaExpirationUnixTimeInMs": { "type": "integer" }, "stageSlaCriticalExpirationUnixTimeInMs": { "type": "integer" }, "canOpenIncident": { "type": "boolean" }, "sla": { "type": "object" }, "stageSla": { "type": "object" }, "relatedAlertTicketId": { "type": "string" } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.overview.get" } }, "/nebula/v1/casemgmt/cases/wall": { "get": { "description": "Get cases wall", "summary": "Get cases wall", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "Successful response" } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.wall.get" } }, "/nebula/v1/casemgmt/multiplexer/cases": { "get": { "description": "Get multiplexer cases", "summary": "Get multiplexer cases", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "timeFilter", "required": false, "in": "query", "description": "time filter", "schema": { "type": "string", "enum": [ "custom", "last_day", "last_2_days", "last_3_days", "last_week", "last_2_weeks", "last_month", "last_3_months", "last_6_months", "last_year" ] } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Multiplexer cases response", "examples": [ { "secops": { "results": [ { "id": 2456, "title": "(DE) Chronicle_DEMO : Trojan.MBAMTest", "time": "2024-08-19T10:00:23.544Z", "closingTime": null, "tags": [ "WEB DETECTION", "TROJAN", "SUSPICIOUS" ], "products": [ "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula" ], "alertNames": [], "ticketIds": [ "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||fec957fb-8404-57e2-bfc7-98382f9adc99", 
"23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||11b8f173-a966-5f40-9be3-98fb142a0bfd", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||77035722-2187-5219-ad26-5774768ac69c", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||d6c9defd-769f-5c3b-a9d9-d5cc2c2def3b", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||c679f20f-2d8d-54b5-95c1-be6d5c333984", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||2eacbaa8-f975-50fc-bac0-4193a560e46a", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568072", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568074" ], "eventNames": [], "sources": [], "destinations": [], "artificats": [], "ports": [], "outcomes": [ "deleted", "found", "restored", "detected" ], "userAssigned": "@Analyst", "isImportant": false, "isIncident": false, "involvedSuspiciousEntity": false, "isCaseClosed": false, "environment": "rFmzqNuFQ MSP - Rohin MDR 23c7cf8b-8336-43c2-82f5-853ec1e8c77f", "priority": -1, "stage": "New Case", "closeReason": null, "rootCause": null, "alertsCount": 14, "updated_at": 1726750609684, "endpoint_info": { "machine_id": "8458e6b9-5682-449e-9825-cb2266cd3bc1", "machine_name": "Roho-casemgmt" } } ], "totalCount": 1, "pageNumber": 0, "pageSize": 0 }, "us": { "results": [ { "id": 2456, "title": "(DE) Chronicle_DEMO : Trojan.MBAMTest", "time": "2024-08-19T10:00:23.544Z", "closingTime": null, "tags": [ "WEB DETECTION", "TROJAN", "SUSPICIOUS" ], "products": [ "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula" ], "alertNames": [], "ticketIds": [ 
"23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||fec957fb-8404-57e2-bfc7-98382f9adc99", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||11b8f173-a966-5f40-9be3-98fb142a0bfd", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||77035722-2187-5219-ad26-5774768ac69c", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||d6c9defd-769f-5c3b-a9d9-d5cc2c2def3b", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||c679f20f-2d8d-54b5-95c1-be6d5c333984", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||2eacbaa8-f975-50fc-bac0-4193a560e46a", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568072", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568074" ], "eventNames": [], "sources": [], "destinations": [], "artificats": [], "ports": [], "outcomes": [ "deleted", "found", "restored", "detected" ], "userAssigned": "@Analyst", "isImportant": false, "isIncident": false, "involvedSuspiciousEntity": false, "isCaseClosed": false, "environment": "rFmzqNuFQ MSP - Rohin MDR 23c7cf8b-8336-43c2-82f5-853ec1e8c77f", "priority": -1, "stage": "New Case", "closeReason": null, "rootCause": null, "alertsCount": 14, "updated_at": 1726750609684, "endpoint_info": { "machine_id": "8458e6b9-5682-449e-9825-cb2266cd3bc1", "machine_name": "Roho-casemgmt" } } ], "totalCount": 1, "pageNumber": 0, "pageSize": 0 }, "emea": { "results": [ { "id": 2456, "title": "(DE) Chronicle_DEMO : Trojan.MBAMTest", "time": "2024-08-19T10:00:23.544Z", "closingTime": null, "tags": [ "WEB DETECTION", "TROJAN", "SUSPICIOUS" ], "products": [ "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula", "Nebula" ], 
"alertNames": [], "ticketIds": [ "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||fec957fb-8404-57e2-bfc7-98382f9adc99", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||11b8f173-a966-5f40-9be3-98fb142a0bfd", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||77035722-2187-5219-ad26-5774768ac69c", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||d6c9defd-769f-5c3b-a9d9-d5cc2c2def3b", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||c679f20f-2d8d-54b5-95c1-be6d5c333984", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||2eacbaa8-f975-50fc-bac0-4193a560e46a", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568072", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568074" ], "eventNames": [], "sources": [], "destinations": [], "artificats": [], "ports": [], "outcomes": [ "deleted", "found", "restored", "detected" ], "userAssigned": "@Analyst", "isImportant": false, "isIncident": false, "involvedSuspiciousEntity": false, "isCaseClosed": false, "environment": "rFmzqNuFQ MSP - Rohin MDR 23c7cf8b-8336-43c2-82f5-853ec1e8c77f", "priority": -1, "stage": "New Case", "closeReason": null, "rootCause": null, "alertsCount": 14, "updated_at": 1726750609684, "endpoint_info": { "machine_id": "8458e6b9-5682-449e-9825-cb2266cd3bc1", "machine_name": "Roho-casemgmt" } } ], "totalCount": 1, "pageNumber": 0, "pageSize": 0 } } ], "properties": { "secops": { "type": "object", "properties": { "results": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "title": { "type": "string" }, "time": { "type": "string" }, "closingTime": { "type": "string" }, "tags": { "type": "array", "items": [ { "type": "string" } ] 
}, "products": { "type": "array", "items": [ { "type": "string" } ] }, "alertNames": { "type": "array", "items": [ { "type": "string" } ] }, "ticketIds": { "type": "array", "items": [ { "type": "string" } ] }, "eventNames": { "type": "array", "items": [ { "type": "string" } ] }, "sources": { "type": "array", "items": [ { "type": "string" } ] }, "destinations": { "type": "array", "items": [ { "type": "string" } ] }, "artificats": { "type": "array", "items": [ { "type": "string" } ] }, "ports": { "type": "array", "items": [ { "type": "string" } ] }, "outcomes": { "type": "array", "items": [ { "type": "string" } ] }, "userAssigned": { "type": "string" }, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "involvedSuspiciousEntity": { "type": "boolean" }, "isCaseClosed": { "type": "boolean" }, "environment": { "type": "string" }, "priority": { "type": "integer" }, "stage": { "type": "string" }, "closeReason": { "type": "string" }, "rootCause": { "type": "string" }, "alertsCount": { "type": "integer" }, "updated_at": { "type": "integer" }, "endpoint_info": { "type": "object", "properties": { "machine_id": { "type": "string" }, "machine_name": { "type": "string" } } } } } ] }, "totalCount": { "type": "integer" }, "pageNumber": { "type": "integer" }, "pageSize": { "type": "integer" } }, "required": [ "results", "totalCount", "pageNumber", "pageSize" ] }, "us": { "type": "object", "properties": { "results": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "title": { "type": "string" }, "time": { "type": "string" }, "closingTime": { "type": "string" }, "tags": { "type": "array", "items": [ { "type": "string" } ] }, "products": { "type": "array", "items": [ { "type": "string" } ] }, "alertNames": { "type": "array", "items": [ { "type": "string" } ] }, "ticketIds": { "type": "array", "items": [ { "type": "string" } ] }, "eventNames": { "type": "array", "items": [ { "type": "string" } ] }, "sources": { 
"type": "array", "items": [ { "type": "string" } ] }, "destinations": { "type": "array", "items": [ { "type": "string" } ] }, "artificats": { "type": "array", "items": [ { "type": "string" } ] }, "ports": { "type": "array", "items": [ { "type": "string" } ] }, "outcomes": { "type": "array", "items": [ { "type": "string" } ] }, "userAssigned": { "type": "string" }, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "involvedSuspiciousEntity": { "type": "boolean" }, "isCaseClosed": { "type": "boolean" }, "environment": { "type": "string" }, "priority": { "type": "integer" }, "stage": { "type": "string" }, "closeReason": { "type": "string" }, "rootCause": { "type": "string" }, "alertsCount": { "type": "integer" }, "updated_at": { "type": "integer" }, "endpoint_info": { "type": "object", "properties": { "machine_id": { "type": "string" }, "machine_name": { "type": "string" } } } } } ] }, "totalCount": { "type": "integer" }, "pageNumber": { "type": "integer" }, "pageSize": { "type": "integer" } }, "required": [ "results", "totalCount", "pageNumber", "pageSize" ] }, "emea": { "type": "object", "properties": { "results": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "title": { "type": "string" }, "time": { "type": "string" }, "closingTime": { "type": "string" }, "tags": { "type": "array", "items": [ { "type": "string" } ] }, "products": { "type": "array", "items": [ { "type": "string" } ] }, "alertNames": { "type": "array", "items": [ { "type": "string" } ] }, "ticketIds": { "type": "array", "items": [ { "type": "string" } ] }, "eventNames": { "type": "array", "items": [ { "type": "string" } ] }, "sources": { "type": "array", "items": [ { "type": "string" } ] }, "destinations": { "type": "array", "items": [ { "type": "string" } ] }, "artificats": { "type": "array", "items": [ { "type": "string" } ] }, "ports": { "type": "array", "items": [ { "type": "string" } ] }, "outcomes": { "type": "array", 
"items": [ { "type": "string" } ] }, "userAssigned": { "type": "string" }, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "involvedSuspiciousEntity": { "type": "boolean" }, "isCaseClosed": { "type": "boolean" }, "environment": { "type": "string" }, "priority": { "type": "integer" }, "stage": { "type": "string" }, "closeReason": { "type": "string" }, "rootCause": { "type": "string" }, "alertsCount": { "type": "integer" }, "updated_at": { "type": "integer" }, "endpoint_info": { "type": "object", "properties": { "machine_id": { "type": "string" }, "machine_name": { "type": "string" } } } } } ] }, "totalCount": { "type": "integer" }, "pageNumber": { "type": "integer" }, "pageSize": { "type": "integer" } }, "required": [ "results", "totalCount", "pageNumber", "pageSize" ] } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.multiplexer.cases.get" } }, "/nebula/v1/casemgmt/multiplexer/cases/events": { "get": { "description": "Get cases events", "summary": "Get Case events", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Multiplexer cases events response", "examples": [ { "caseOverview": { "id": 71, "creationTimeUnixTimeInMs": 1712921652190, "modificationTimeUnixTimeInMs": 1725956986615, "name": "(DE) alessio-mock-endpoint : Malware.AI.40000000000", "priority": -1, "isImportant": false, "isIncident": false, "startTimeUnixTimeInMs": 1712921662880, "endTimeUnixTimeInMs": 1712921662880, "assignedUser": "a57505c2-5722-46e7-a48d-9be35eab21b3", "description": null, "isTestCase": false, "type": 0, "stage": "Triage", "environment": "Test-Account3 550a20b8-6d36-4222-afbc-54d100f2e894", "status": 2, "incidentId": null, "tags": [], "alertCards": [ { "id": 1313, "creationTimeUnixTimeInMs": 1712921652223, "modificationTimeUnixTimeInMs": 1712926418357, "identifier": "(DE) MALWARE.AI.40000000000_6940B0D9-7A3D-5132-BDBE-BFFD23100ED3", "status": 1, "name": "(DE) MALWARE.AI.40000000000", "priority": -1, "workflowsStatus": 0, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "startTime": 1712921650142, "endTime": 1712921650142, "alertGroupIdentifier": "(DE) alessio-mock-endpoint : Malware.AI.40000000000yb+p8Ht/RD3x2+kkJue9z1dPZDLxWZWVRG4C2TE0Azs=_5ba3b19a-ea0a-4309-9f2f-23cc8406b121", "eventsCount": 1, "title": "(DE) MALWARE.AI.40000000000", "ruleGenerator": "(DE) alessio-mock-endpoint : Malware.AI.40000000000", "deviceProduct": "Nebula", "deviceVendor": "Malwarebytes", "playbookAttached": null, "playbookRunCount": 0, "isManualAlert": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "fieldsGroups": [], "sourceUrl": null, "sourceRuleUrl": 
null, "siemAlertId": null } ], "isOverflowCase": false, "isManualCase": false, "slaExpirationUnixTime": null, "slaCriticalExpirationUnixTime": null, "stageSlaExpirationUnixTimeInMs": null, "stageSlaCriticalExpirationUnixTimeInMs": null, "canOpenIncident": false, "sla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "stageSla": { "slaExpirationTime": null, "criticalExpirationTime": null, "expirationStatus": 2, "remainingTimeSinceLastPause": null }, "relatedAlertTicketId": null }, "events": [ { "identifier": "ff35d1c4-0208-4afb-826a-df7150076e5d", "caseId": 71, "alertIdentifier": "(DE) MALWARE.AI.61000000000_A9F68AB8-62C5-501F-A5BB-8DB8409F700F", "name": "Malware.AI.61000000000", "product": "Nebula", "port": null, "sourceSystemName": "Malwarebytes Nebula", "outcome": "found", "time": 0, "type": "file", "artifactEntities": [ "C:\\USERS\\DOWNLOADS\\ADMINISTRATOR11\\SAMPLE_THREAT.EXE", "D52A306A18221C4A2D6765BD3B3C99F9" ], "fields": [ { "order": 0, "groupName": "Highlighted Fields", "isIntegration": false, "isHighlight": true, "items": [ { "originalName": "id", "name": "id", "value": "a9f68ab8-62c5-501f-a5bb-8db8409f700f" }, { "originalName": "category", "name": "category", "value": "MALWARE" }, { "originalName": "status", "name": "status", "value": "found" }, { "originalName": "is_rtp_stream_event", "name": "is_rtp_stream_event", "value": "false" }, { "originalName": "scan_id", "name": "scan_id", "value": "18f5bc2d-11a3-53fa-8360-e61f7f1ba95a" }, { "originalName": "threat_name", "name": "threat_name", "value": "Malware.AI.61000000000" }, { "originalName": "name", "name": "Name", "value": "Malware.AI.61000000000" } ] }, { "order": 0, "groupName": "Default", "isIntegration": false, "isHighlight": false, "items": [ { "originalName": "child_trace_count", "name": "child_trace_count", "value": "0" }, { "originalName": "group_name", "name": "group_name", "value": "_Alessio test" }, { "originalName": 
"policy_id", "name": "policy_id", "value": "f24e4fc0-d8fd-48bf-9558-8f4222b283b5" }, { "originalName": "policy_name", "name": "policy_name", "value": "_____________231231231231" }, { "originalName": "managed", "name": "managed", "value": "true" }, { "originalName": "id", "name": "id", "value": "a9f68ab8-62c5-501f-a5bb-8db8409f700f" }, { "originalName": "category", "name": "category", "value": "MALWARE" }, { "originalName": "status", "name": "status", "value": "found" }, { "originalName": "group_id", "name": "group_id", "value": "a00fd4a0-d499-4f4f-acd8-7b07a1496aae" }, { "originalName": "machine_id", "name": "machine_id", "value": "2205448e-1fe3-47cb-824d-df4871cfb900" }, { "originalName": "is_rtp_stream_event", "name": "is_rtp_stream_event", "value": "false" }, { "originalName": "scan_id", "name": "scan_id", "value": "18f5bc2d-11a3-53fa-8360-e61f7f1ba95a" }, { "originalName": "rule_id", "name": "rule_id", "value": "2baad3b6-b59c-478f-856b-9d50e24ba800" }, { "originalName": "scanned_at", "name": "scanned_at", "value": "2024-04-12T11:33:59.232786Z" }, { "originalName": "reported_at", "name": "reported_at", "value": "2024-04-12T11:33:59.501779624Z" }, { "originalName": "threat_name", "name": "threat_name", "value": "Malware.AI.61000000000" }, { "originalName": "md5", "name": "md5", "value": "d52a306a18221c4a2d6765bd3b3c99f9" }, { "originalName": "sha256", "name": "sha256", "value": "4fde13de40bc5079099488773431c7f8d5b4719ebddbc996636ea401a072993c" }, { "originalName": "machine_name", "name": "machine_name", "value": "alessio-mock-endpoint" }, { "originalName": "detection_id_from_endpoint", "name": "detection_id_from_endpoint", "value": "2492999c-dc59-45f6-9d70-5a230c93afa2" }, { "originalName": "machine_ip", "name": "machine_ip", "value": "213.35.176.146" }, { "originalName": "last_user", "name": "last_user", "value": "alessio-mock-endpoint\\administrator" }, { "originalName": "engine_version", "name": "engine_version", "value": "1.2.0.971" }, { "originalName": 
"type_1", "name": "type_1", "value": "file" }, { "originalName": "start_time", "name": "start_time", "value": "2024-04-12T11:33:59.501779624Z" }, { "originalName": "end_time", "name": "end_time", "value": "2024-04-12T11:33:59.501779624Z" }, { "originalName": "nebula_link", "name": "nebula_link", "value": "https://nebula-retina-mb-qa.eng-dev.mb-internal.com/550a20b8-6d36-4222-afbc-54d100f2e894/details/endpoint/2205448e-1fe3-47cb-824d-df4871cfb900?selectedTab=detections&id=a9f68ab8-62c5-501f-a5bb-8db8409f700f" } ] }, { "order": 0, "groupName": "Carbon Black", "isIntegration": false, "isHighlight": false, "items": [ { "originalName": "path", "name": "Path", "value": "C:\\Users\\Downloads\\administrator11\\sample_threat.exe" } ] }, { "order": 0, "groupName": "System", "isIntegration": false, "isHighlight": false, "items": [ { "originalName": "name", "name": "Name", "value": "Malware.AI.61000000000" } ] } ] } ] } ], "properties": { "caseOverview": { "type": "object", "properties": { "id": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "modificationTimeUnixTimeInMs": { "type": "integer" }, "name": { "type": "string" }, "priority": { "type": "integer" }, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "startTimeUnixTimeInMs": { "type": "integer" }, "endTimeUnixTimeInMs": { "type": "integer" }, "assignedUser": { "type": "string" }, "description": { "type": "string" }, "isTestCase": { "type": "boolean" }, "type": { "type": "integer" }, "stage": { "type": "string" }, "environment": { "type": "string" }, "status": { "type": "integer" }, "incidentId": { "type": "boolean" }, "tags": { "type": "array", "items": [ { "type": "string" } ] }, "alertCards": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "modificationTimeUnixTimeInMs": { "type": "integer" }, "identifier": { "type": "string" }, "status": { "type": "integer" }, "name": 
{ "type": "string" }, "priority": { "type": "integer" }, "workflowsStatus": { "type": "integer" }, "slaExpirationUnixTime": { "type": "integer" }, "slaCriticalExpirationUnixTime": { "type": "integer" }, "startTime": { "type": "integer" }, "endTime": { "type": "integer" }, "alertGroupIdentifier": { "type": "string" }, "eventsCount": { "type": "integer" }, "title": { "type": "string" }, "ruleGenerator": { "type": "string" }, "deviceProduct": { "type": "string" }, "deviceVendor": { "type": "string" }, "playbookAttached": { "type": "string" }, "playbookRunCount": { "type": "integer" }, "isManualAlert": { "type": "boolean" }, "sla": { "type": "object", "properties": { "slaExpirationTime": { "type": "integer" }, "criticalExpirationTime": { "type": "integer" }, "expirationStatus": { "type": "integer" }, "remainingTimeSinceLastPause": { "type": "integer" } } }, "fieldsGroups": { "type": "array", "items": { "type": "object", "properties": { "order": { "type": "integer" }, "groupName": { "type": "string" }, "isIntegration": { "type": "boolean" }, "isHighlight": { "type": "boolean" }, "items": { "type": "array", "items": [ { "type": "string" } ] } } } }, "sourceUrl": { "type": "string" }, "sourceRuleUrl": { "type": "string" }, "siemAlertId": { "type": "string" } } } ] }, "isOverflowCase": { "type": "boolean" }, "isManualCase": { "type": "boolean" }, "slaExpirationUnixTime": { "type": "integer" }, "slaCriticalExpirationUnixTime": { "type": "integer" }, "stageSlaExpirationUnixTimeInMs": { "type": "integer" }, "stageSlaCriticalExpirationUnixTimeInMs": { "type": "integer" }, "canOpenIncident": { "type": "boolean" }, "sla": { "type": "object", "properties": { "slaExpirationTime": { "type": "integer" }, "criticalExpirationTime": { "type": "integer" }, "expirationStatus": { "type": "integer" }, "remainingTimeSinceLastPause": { "type": "integer" } } }, "stageSla": { "type": "object", "properties": { "slaExpirationTime": { "type": "integer" }, "criticalExpirationTime": { "type": 
"integer" }, "expirationStatus": { "type": "integer" }, "remainingTimeSinceLastPause": { "type": "integer" } } }, "relatedAlertTicketId": { "type": "string" } } }, "events": { "type": "array", "items": [ { "type": "object", "properties": { "identifier": { "type": "string" }, "caseId": { "type": "integer" }, "alertIdentifier": { "type": "string" }, "name": { "type": "string" }, "product": { "type": "string" }, "port": { "type": "string" }, "sourceSystemName": { "type": "string" }, "outcome": { "type": "string" }, "time": { "type": "integer" }, "type": { "type": "string" }, "artifactEntities": { "type": "array", "items": [ { "type": "string" } ] }, "fields": { "type": "array", "items": [ { "type": "object", "properties": { "order": { "type": "integer" }, "groupName": { "type": "string" }, "isIntegration": { "type": "boolean" }, "isHighlight": { "type": "boolean" }, "items": { "type": "array", "items": [ { "type": "object", "properties": { "originalName": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } } } ] } } } ] } } } ] }, "accountId": { "type": "string" }, "region": { "type": "string" } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.multiplexer.cases.events.get" } }, "/nebula/v1/casemgmt/multiplexer/metrics": { "get": { "description": "Get multiplexer metrics", "summary": "Get multiplexer metrics", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "timeFilter", "required": false, "in": "query", "description": "time filter", "schema": { "type": "string", "enum": [ "custom", "last_day", "last_2_days", "last_3_days", "last_week", "last_2_weeks", "last_month", "last_3_months", "last_6_months", "last_year" ] } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Multiplexer cases metrics response", "examples": [ { "secops": { "closed": { "series": [ { "identifier": null, "name": "Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783134, "modificationTimeUnixTimeInMs": 1725967783134 }, { "identifier": null, "name": "Alerts", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783134, "modificationTimeUnixTimeInMs": 1725967783134 }, { "identifier": null, "name": "Important Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783134, "modificationTimeUnixTimeInMs": 1725967783134 }, { "identifier": null, "name": "Cases Exceeded SLA", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783134, "modificationTimeUnixTimeInMs": 1725967783134 }, { "identifier": null, "name": "Incidents", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783134, "modificationTimeUnixTimeInMs": 1725967783134 } ] }, "awaiting_customer_response": { "series": [ { "identifier": null, "name": "Cases", "values": [ "0" ], 
"seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783113, "modificationTimeUnixTimeInMs": 1725967783113 }, { "identifier": null, "name": "Alerts", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783113, "modificationTimeUnixTimeInMs": 1725967783113 }, { "identifier": null, "name": "Important Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783113, "modificationTimeUnixTimeInMs": 1725967783113 }, { "identifier": null, "name": "Cases Exceeded SLA", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783113, "modificationTimeUnixTimeInMs": 1725967783113 }, { "identifier": null, "name": "Incidents", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783113, "modificationTimeUnixTimeInMs": 1725967783113 } ] } }, "us": { "closed": { "series": [ { "identifier": null, "name": "Cases", "values": [ "2" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783044, "modificationTimeUnixTimeInMs": 1725967783044 }, { "identifier": null, "name": "Alerts", "values": [ "8" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783044, "modificationTimeUnixTimeInMs": 1725967783044 }, { "identifier": null, "name": "Important Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783044, "modificationTimeUnixTimeInMs": 1725967783044 }, { "identifier": null, "name": "Cases Exceeded SLA", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, 
"creationTimeUnixTimeInMs": 1725967783044, "modificationTimeUnixTimeInMs": 1725967783044 }, { "identifier": null, "name": "Incidents", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783044, "modificationTimeUnixTimeInMs": 1725967783044 } ] }, "awaiting_customer_response": { "series": [ { "identifier": null, "name": "Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783039, "modificationTimeUnixTimeInMs": 1725967783039 }, { "identifier": null, "name": "Alerts", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783039, "modificationTimeUnixTimeInMs": 1725967783039 }, { "identifier": null, "name": "Important Cases", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783039, "modificationTimeUnixTimeInMs": 1725967783039 }, { "identifier": null, "name": "Cases Exceeded SLA", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783039, "modificationTimeUnixTimeInMs": 1725967783039 }, { "identifier": null, "name": "Incidents", "values": [ "0" ], "seriesType": 0, "entity": null, "text": null, "environments": null, "id": 0, "creationTimeUnixTimeInMs": 1725967783039, "modificationTimeUnixTimeInMs": 1725967783039 } ] } } } ], "patternProperties": { "^us|emea|secops$": { "type": "object", "patternProperties": { "^[\\s\\S]+$": { "type": "object", "properties": { "series": { "type": "array", "items": { "type": "object", "properties": { "identifier": { "type": [ "string", "null" ] }, "name": { "type": "string" }, "values": { "type": "array", "items": { "type": "string" } }, "seriesType": { "type": "integer" }, "entity": { "type": [ "string", "null" ] }, "text": { "type": 
[ "string", "null" ] }, "environments": { "type": [ "array", "null" ] }, "id": { "type": "integer" }, "creationTimeUnixTimeInMs": { "type": "integer" }, "modificationTimeUnixTimeInMs": { "type": "integer" } } } } } } } } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.multiplexer.metrics.get" } }, "/nebula/v1/casemgmt/cases/requests": { "post": { "description": "Post cases Requests", "summary": "Post cases Requests", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } }, { "name": "region", "required": true, "in": "query", "description": "Region", "schema": { "type": "string", "enum": [ "us", "emea", "secops" ] } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Post Case Requests", "required": [ "caseNumber", "priority", "description", "environment" ], "properties": { "caseNumber": { "type": "number", "title": "caseNumber" }, "priority": { "type": "string", "title": "priority", "enum": [ "Low", "Medium", "High", "Critical", "Informative" ] }, "description": { "type": "string", "title": "description" }, "environment": { "type": "string", "title": "environment" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "boolean" } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.requests.post" } }, "/nebula/v1/casemgmt/cases/search": { "post": { "description": "Post cases search", 
"summary": "Post cases search", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Post Case search", "required": [ "environments", "region" ], "properties": { "region": { "type": "string", "title": "region" }, "environments": { "type": "array", "title": "environments" }, "startTime": { "type": "string", "title": "startTime" }, "endTime": { "type": "string", "title": "endTime" }, "pageSize": { "type": "number", "title": "pageSize" }, "requestedPage": { "type": "number", "title": "requestedPage" }, "caseSource": { "type": "string", "title": "caseSource", "enum": [ "system", "manual", "test" ] }, "tags": { "type": "array", "title": "tags" }, "priorities": { "type": "array", "title": "priorities" }, "importance": { "type": "boolean", "title": "importance" }, "incident": { "type": "boolean", "title": "incident" }, "assignedUsers": { "type": "array", "title": "assignedUsers" }, "externalAlertId": { "type": "string", "title": "externalAlertId" }, "products": { "type": "array", "title": "products" }, "ports": { "type": "array", "title": "ports" }, "title": { "type": "string", "title": "title" }, "involvedEntity": { "type": "string", "title": "involvedEntity" }, "caseComment": { "type": "string", "title": "caseComment" }, "categoryOutcomes": { "type": "string", "title": "categoryOutcomes", "enum": [ "Allowed", "Blocked" ] }, "stage": { "type": "string", "title": "stage", "enum": [ "triage", "assessment", "investigation", 
"incident", "improvement", "research" ] }, "ruleGenerator": { "type": "array", "title": "ruleGenerator" }, "isCaseClosed": { "type": "boolean", "title": "isCaseClosed" }, "closeReason": { "type": "string", "title": "closeReason", "enum": [ "malicious", "not_malicious", "maintenance", "inconclusive", "unknown" ] }, "timeRangeFilter": { "type": "string", "title": "timeRangeFilter", "enum": [ "custom", "last_day", "last_2_days", "last_3_days", "last_week", "last_2_weeks", "last_month", "last_3_months", "last_6_months", "last_year" ] }, "sortBy": { "type": "object", "title": "Sorting", "properties": { "sortBy": { "type": "string", "title": "The sortby field", "enum": [ "id", "title", "time", "user_assigned", "is_important", "is_incident", "involved_suspicious_entity", "is_case_closed", "environment", "priority", "stage" ] }, "sortOrder": { "type": "string", "title": "The sort order asc or desc", "enum": [ "desc", "asc" ] } } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Post cases search response", "examples": [ { "results": [ { "id": 1, "title": "Swati test", "time": "2022-08-05T16:24:24.829Z", "closingTime": "2024-04-10T07:55:10.39Z", "tags": [ "Manual Case" ], "products": [], "alertNames": [], "ticketIds": [ "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||fec957fb-8404-57e2-bfc7-98382f9adc99", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||11b8f173-a966-5f40-9be3-98fb142a0bfd", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||77035722-2187-5219-ad26-5774768ac69c", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||d6c9defd-769f-5c3b-a9d9-d5cc2c2def3b", 
"23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||c679f20f-2d8d-54b5-95c1-be6d5c333984", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||2eacbaa8-f975-50fc-bac0-4193a560e46a", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568072", "23c7cf8b-8336-43c2-82f5-853ec1e8c77f||8458e6b9-5682-449e-9825-cb2266cd3bc1||Roho-casemgmt||3568074" ], "eventNames": [], "sources": [], "destinations": [], "artificats": [], "ports": [], "outcomes": [], "userAssigned": "Rohin Sambath Kumar", "isImportant": false, "isIncident": false, "involvedSuspiciousEntity": false, "isCaseClosed": true, "environment": "IYABoAyLQ MSP - Dev Site MDR1", "priority": 40, "stage": "Triage", "closeReason": "NotMalicious", "rootCause": "Human error", "alertsCount": 1, "updated_at": 1726750609684, "endpoint_info": { "machine_id": "8458e6b9-5682-449e-9825-cb2266cd3bc1", "machine_name": "Roho-casemgmt" } } ], "totalCount": 1, "pageNumber": 0, "pageSize": 0 } ], "properties": { "results": { "type": "array", "items": [ { "type": "object", "properties": { "id": { "type": "integer" }, "title": { "type": "string" }, "time": { "type": "string" }, "closingTime": { "type": "string" }, "tags": { "type": "array", "items": [ { "type": "string" } ] }, "products": { "type": "array", "items": [ { "type": "string" } ] }, "alertNames": { "type": "array", "items": [ { "type": "string" } ] }, "ticketIds": { "type": "array", "items": [ { "type": "string" } ] }, "eventNames": { "type": "array", "items": [ { "type": "string" } ] }, "sources": { "type": "array", "items": [ { "type": "string" } ] }, "destinations": { "type": "array", "items": [ { "type": "string" } ] }, "artificats": { "type": "array", "items": [ { "type": "string" } ] }, "ports": { "type": "array", "items": [ { "type": "string" } ] }, "outcomes": { "type": "array", "items": [ { "type": "string" } ] }, "userAssigned": { "type": "string" 
}, "isImportant": { "type": "boolean" }, "isIncident": { "type": "boolean" }, "involvedSuspiciousEntity": { "type": "boolean" }, "isCaseClosed": { "type": "boolean" }, "environment": { "type": "string" }, "priority": { "type": "integer" }, "stage": { "type": "string" }, "closeReason": { "type": "string" }, "rootCause": { "type": "string" }, "alertsCount": { "type": "integer" }, "updated_at": { "type": "integer" }, "endpoint_info": { "type": "object", "properties": { "machine_id": { "type": "string" }, "machine_name": { "type": "string" } } } } } ] }, "totalCount": { "type": "integer" }, "pageNumber": { "type": "integer" }, "pageSize": { "type": "integer" } } } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.search.post" } }, "/nebula/v1/casemgmt/cases/favorite": { "put": { "description": "Mark case as favorite", "summary": "Mark case as favorite", "security": [ { "client_credentials": [ "write" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Put Case favorite", "required": [ "isFavorite", "recordId", "type", "activityKind" ], "properties": { "isFavorite": { "type": "boolean", "title": "isFavorite" }, "recordId": { "type": "integer", "title": "recordId" }, "type": { "type": "integer", "title": "type" }, "activityKind": { "type": "integer", "title": "activityKind" } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "string", "title": "put cases favorite response" } } } } }, "tags": [ "Case Management" ], "operationId": "api.nebula.casemgmt.cases.favorite.put" } }, "/nebula/v1/remediation/remediate": { "delete": { "description": "Mark remediation items as safe across the machines", "summary": "Mark remediation items as safe", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "description": "Mark remediations as safe across endpoints", "required": [ "items" ], "examples": [ { "items": { "6f47dfb6-02e1-4f60-863f-11bcf41a8456": [ "6f47bfb6-02e1-4f60-863f-11bcf41a8456" ] } } ], "properties": { "groups": { "type": "array", "items": { "type": "object", "title": "Search remediation", "properties": { "fields": { "type": "array", "title": "Specify which fields will be included in the response", "items": { "enum": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_name", "online" ], "type": "string" }, "default": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options" ] }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "scanned_at" ], "default": "scanned_at" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ], "default": "desc" }, "page_size": { "type": "number", "title": "The page size", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "constraints": { "type": "array", "title": "remediation constraints", "items": { "title": "Remediation Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] }, { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { 
"type": "string", "oneOf": [ { "type": "string", "title": "Remediation Boolean Fields" } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Remediation Date Fields", "enum": [ "scanned_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } }, "items": { "type": "object", "patternProperties": { "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { "type": "array", "minimum": 0, "items": { "type": "string" } } } } }, "additionalProperties": true } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "Response schema for mark as safe", "type": "object", "properties": { "success": { "description": "Machine IDs affected", "type": "array", "items": { "type": "string" } }, "errors": { "description": "Optional, sent only when an error occurs", "type": "array", "items": { "type": "string" } }, "total_count": { "type": "number" } } } } } } }, "tags": [ "Remediation" ], "operationId": "api.nebula.delete.remediate" }, "post": { "description": "Issue 
remediation jobs across the machines", "summary": "Bulk remediation action", "security": [ { "client_credentials": [ "execute" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "description": "Issue remediation jobs across endpoints", "required": [ "items" ], "examples": [ { "items": { "6f47dfb6-02e1-4f60-863f-11bcf41a8456": [ "6f47bfb6-02e1-4f60-863f-11bcf41a8456" ] } } ], "properties": { "groups": { "type": "array", "items": { "type": "object", "title": "Search remediation", "properties": { "fields": { "type": "array", "title": "Specify which fields will be included in the response", "items": { "enum": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_name", "online" ], "type": "string" }, "default": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options" ] }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "scanned_at" ], "default": "scanned_at" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ], "default": "desc" }, "page_size": { "type": "number", "title": "The page size", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "constraints": { "type": "array", "title": "remediation constraints", "items": { "title": "Remediation Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] }, { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { 
"type": "string", "oneOf": [ { "type": "string", "title": "Remediation Boolean Fields" } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Remediation Date Fields", "enum": [ "scanned_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } }, "items": { "type": "object", "patternProperties": { "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { "type": "array", "minimum": 0, "items": { "type": "string" } } } } }, "additionalProperties": true } } } }, "responses": { "201": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "title": "Create job response", "required": [ "jobs", "total_count" ], "properties": { "jobs": { "type": "array", "title": "List of jobs", "items": { "type": "object", "title": "Job items", "required": [ "machine_id", "job_id" ], "properties": { "machine_id": { "type": "string", "title": "The ID of the endpoint onto which the job was issued (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "job_id": { "type": "string", "title": "The ID of the job. You can use this ID to retrieve additional information about the job and track its progress, as well as use it as a reference to handle webhook notifications (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } }, "errors": { "type": "array", "title": "tasks not performed", "items": { "type": "object", "title": "Endpoint ID", "additionalProperties": true, "properties": { "id": { "type": "string", "title": "Machine ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_id": { "type": "string", "title": "Account ID (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] }, "account_ids": { "type": "array", "title": "Account IDs", "items": { "type": "string", "title": "Account ID (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$", "examples": [ "9256034b-7967-4253-a5d9-260663e4fa4f" ] } } } } }, "total_count": { "type": "integer", "title": "The total number of issued jobs" } } } } } } }, "tags": [ "Remediation" ], "operationId": "api.nebula.post.remediate" } }, "/nebula/v1/remediation/export": { "post": { "description": "Export remediation items", "summary": "Export remediation items", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Export request", "required": [ "select", "format", "groups" ], "properties": { "groups": { "type": "array", "items": { "type": "object", "title": "Search remediation", "properties": { "fields": { "type": "array", "title": "Specify which fields will be included in the response", "items": { "enum": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_name", "online" ], "type": "string" }, "default": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options" ] }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "scanned_at" ], "default": "scanned_at" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", 
"enum": [ "asc", "desc" ], "default": "desc" }, "page_size": { "type": "number", "title": "The page size", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "constraints": { "type": "array", "title": "remediation constraints", "items": { "title": "Remediation Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] }, { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, 
"value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Remediation Boolean Fields" } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Remediation Date Fields", "enum": [ "scanned_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } }, "format": { "type": "string", "title": "The output file", "enum": [ "csv", "xlsx", "html", "ods", "txt", "rtf", "json" ] }, "download": { "type": "boolean", "title": "Whether to instruct the client to download the response as a file. 
Only clients like browsers are supported" }, "filename": { "type": "string", "title": "The name of the output file if download is set to true" }, "type": { "type": "string", "title": "The encoding of the output", "enum": [ "string", "base64", "binary" ], "default": "string" }, "select": { "type": "array", "title": "Which fields to select from the response", "items": { "type": "object", "title": "Field", "properties": { "newField": { "type": "string", "title": "the new value" }, "field": { "type": "string", "title": "The response field to map to a new value", "enum": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_name" ] } } } } } } } } }, "responses": {}, "tags": [ "Remediation" ], "operationId": "api.nebula.export.remediation" } }, "/nebula/v1/remediation/search": { "post": { "description": "Search all remediation items scoped by account. 
It's possible to add some constraints to filter the result", "summary": "Search remediation items", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "title": "Search remediation", "properties": { "fields": { "type": "array", "title": "Specify which fields will be included in the response", "items": { "enum": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options", "machine_name", "group_id", "group_name", "policy_id", "policy_name", "account_name", "online" ], "type": "string" }, "default": [ "id", "account_id", "machine_id", "path", "job_id", "scanned_at", "threat_name", "status", "category", "type", "options" ] }, "sort_field": { "type": "string", "title": "Sort field", "enum": [ "scanned_at" ], "default": "scanned_at" }, "sort_order": { "type": "string", "title": "Whether sorting should be ascending or descending", "enum": [ "asc", "desc" ], "default": "desc" }, "page_size": { "type": "number", "title": "The page size", "minimum": 0, "maximum": 2000 }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. 
For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] }, "constraints": { "type": "array", "title": "remediation constraints", "items": { "title": "Remediation Constraints", "type": "object", "oneOf": [ { "title": "String (Equals, Not Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "type": "string", "oneOf": [ { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] }, { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals", "not_equals" ] }, "value": { "type": [ "string", "array" ], "title": "Value to search", "items": { "type": "string" } }, "case_insensitive": { "type": "boolean", "default": false } }, "if": { "properties": { "field": { "type": "string", "title": "Remediation UID String Fields", "enum": [ "id", "machine_id", "policy_id", "group_id", "job_id" ] } } }, "then": { "properties": { "value": { "type": [ "string", "array" ], "format": "uuid", "items": { "type": "string", "format": "uuid" } } } } }, { "title": "String (Contains, Not Contains) Constraints", "required": [ "operator", "value" ], "properties": { "field": { "title": "Remediation Simple String Fields", "type": "string", "enum": [ "account_name", "group_name", "machine_name", "policy_name", "threat_name", "path", "category", "status", "type" ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "contains", "not_contains" ] }, "value": { "type": "string", "title": "Value to search" }, "case_insensitive": { "type": "boolean", "default": false } } }, { "title": "Boolean (Equals) Constraints", "required": [ "operator", "value" ], "properties": { "field": { 
"type": "string", "oneOf": [ { "type": "string", "title": "Remediation Boolean Fields" } ] }, "operator": { "type": "string", "description": "Operator to apply to the constraint", "enum": [ "equals" ] }, "value": { "title": "Value to search. Must be true or false", "type": "boolean" } } }, { "title": "Date (start, end) Constraints", "properties": { "field": { "type": "string", "title": "Remediation Date Fields", "enum": [ "scanned_at" ] } }, "oneOf": [ { "minProperties": 1, "title": "Specify Date Range", "not": { "anyOf": [ { "required": [ "operator" ] }, { "required": [ "value" ] } ] }, "properties": { "start": { "type": "string", "format": "date-time", "title": "Start Date" }, "end": { "type": "string", "format": "date-time", "title": "End Date" } } }, { "title": "Specify Exact Date", "not": { "anyOf": [ { "required": [ "start" ] }, { "required": [ "end" ] } ] }, "required": [ "operator", "value" ], "properties": { "operator": { "type": "string", "enum": [ "equals" ] }, "value": { "type": [ "string", "array" ], "format": "date-time", "title": "Value to search", "items": { "format": "date-time" } } } } ] } ] } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "$schema": "http://json-schema.org/draft-07/schema", "type": "object", "title": "Search remediations", "description": "Search remediations", "examples": [ { "items": [ { "id": "3b5e4696-408c-4d46-a94d-3fbe43d40596", "account_id": "550a20b8-6d36-4222-afbc-54d100f2e894", "machine_id": "9bf26c0e-5685-4a27-b096-42d51f1eb1b0", "path": "C:\\Users\\Downloads\\administrator10\\sample_threat.exe", "scanned_at": "2024-06-28T13:00:41.62367Z", "threat_name": "Malware.AI.79000000000", "status": "found", "category": "Malware", "type": [ "file" ], "options": 91, "policy_id": "6b46ad91-ca97-4732-8665-81ee1d01f677", "policy_name": "Default Policy", "account_name": "Test-Account3", "group_id": "f4b15520-3153-4956-be41-185c4a523cfc", "group_name": "Default 
Group", "machine_name": "Alma's Work Laptop", "online": true } ], "total_count": 1, "next_cursor": "" } ], "required": [ "items", "total_count", "next_cursor" ], "properties": { "items": { "type": "array", "title": "List of remediation items", "description": "List of remediation items.", "items": { "$schema": "http://json-schema.org/draft-07/schema#", "title": "Remediation Item", "type": "object", "properties": { "id": { "type": "string" }, "account_id": { "type": "string" }, "machine_id": { "type": "string" }, "path": { "type": "string" }, "scanned_at": { "type": "string" }, "threat_name": { "type": "string" }, "status": { "type": "string" }, "category": { "type": "string" }, "type": { "type": "array", "items": { "type": "string" } }, "options": { "type": "number" }, "policy_id": { "type": "string" }, "policy_name": { "type": "string" }, "account_name": { "type": "string" }, "group_id": { "type": "string" }, "group_name": { "type": "string" }, "machine_name": { "type": "string" }, "online": { "type": "boolean" } } } }, "total_count": { "type": "integer", "title": "Total count of items", "description": "Total count of items", "examples": [ 1 ] }, "next_cursor": { "type": "string", "title": "The pagination cursor for next set of results. For further documentation, check Pagination section.", "examples": [ "eyJzdGFydF9pbmRleCI6MTAwfQ==" ] } } } } } } }, "tags": [ "Remediation" ], "operationId": "api.nebula.post.remediation-search" } }, "/sam/assets/software": { "post": { "description": "Bulk issue software update jobs per machine id", "summary": "Issue bulk software update jobs", "security": [ { "client_credentials": [ "read", "execute" ] } ], "status": { "outage": [ "auth", "search_stateful" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "requestBody": { "content": { "application/json": { "schema": { "title": "Bulk update software", "description": "Allows creating several `Software Update` jobs, one per `machine_id`", "type": "array", "items": { "type": "object", "properties": { "application_name": { "type": "string" }, "architecture": { "type": "string" }, "current_version": { "type": "string" }, "new_version": { "type": "string" }, "product": { "type": "integer" }, "vendor": { "type": "string" }, "language": { "type": "string" }, "machine_id": { "type": "string" } } } } } } }, "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "properties": { "jobs": { "type": "array", "items": { "type": "object", "properties": { "machine_id": { "type": "string" }, "job_id": { "type": "string" } } } }, "errors": { "type": "array", "items": { "type": "string" } }, "total_count": { "type": "integer" } }, "required": [ "jobs", "errors", "total_count" ] } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.assets.software" } }, "/sam/details": { "get": { "description": "Get list of issues found by the Security Advisor Module", "summary": "List SAM issues", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "SAM Issues list", "description": "Returns a list of ", "type": "array", "items": { "type": "object", "properties": { "id": { "type": "string" }, "severity": { "type": "string" }, "factor": { "type": "string" }, "issueType": { "type": "string" }, "scoreImpactPercentage": { "type": [ "number", "integer" ] }, "status": { "type": "string" }, "recommendation": { "type": "string" }, "affectingCount": { "type": "integer" }, "affectingType": { "type": "string" }, "factorMetadata": { "type": [ "object", "null" ], "properties": { "type": { "type": "string" }, "granularity": { "type": "string" }, "data": { "type": "object", "properties": { "policyId": { "type": "string" }, "policyName": { "type": "string" }, "subcategories": { "type": "array", "items": { "type": "string" } }, "groupId": { "type": "string" }, "groupName": { "type": "string" }, "subCategories": { "type": "array", "items": { "type": "string" } }, "ruleName": { "type": "string" }, "ruleId": { "type": "string" }, "patchCount": { "type": "integer" }, "vulnerabilitiesCount": { "type": "integer" } } } }, "required": [ "type", "granularity", "data" ] }, "issueAction": { "type": "string" } }, "required": [ "id", "severity", "factor", "issueType", "scoreImpactPercentage", "status", "recommendation", "affectingCount", "affectingType" ] } } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.details" } }, "/sam/dns/categories": { "get": { "description": "Get list of supported DNS security categories with their code", "summary": "Get supported DNS categories", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", 
"description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. \"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "title": "DNS Security Categories supported", "description": "Returns a list of DNS Security Categories supported by the Security Advisor Module", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string" }, "enabled": { "type": "boolean" }, "code": { "type": "integer" } }, "required": [ "name", "enabled", "code" ] } } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.dns.categories" } }, "/sam/jobs/status": { "post": { "description": "Get list of ongoing jobs that can potentially fix a SAM issue", "summary": "Get list of ongoing SAM jobs", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "array", "items": { "type": "object", "properties": { "machinesWithJobs": { "type": "array", "items": { "type": "string" } }, "affectedCount": { "type": "integer" }, "id": { "type": "string" }, "status": { "type": "string" }, "issue": { "type": "string" } } } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.jobs.status" } }, "/sam/policy/{policyId}/details/{category}": { "get": { "description": "Get the status of a policy's protection features for the given category", "summary": "Get Policy protection features", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "policyId", "required": true, "in": "path", "description": "Policy id", "schema": { "type": "string" } }, { "name": "category", "required": true, "in": "path", "description": "Protection feature category", "schema": { "type": "string" } }, { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "properties": { "policyId": { "type": "string" }, "policyName": { "type": "string" }, "isDefault": { "type": "boolean" }, "endpointCount": { "type": "integer" }, "groupMetadata": { "type": "object", "properties": { "count": { "type": "integer" }, "list": { "type": "array", "items": { "type": "string" } } }, "required": [ "count", "list" ] }, "protectionSetting": { "type": "object", "properties": { "MALWARE_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } }, "required": [ "type", "enabled" ] } } }, "required": [ "osSetting" ] }, "WEB_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } }, "required": [ "type", "enabled" ] } } }, "required": [ "osSetting" ] }, "EXPLOIT_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "BEHAVIOR_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "APP_BLOCK": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "SELF_PROTECTION": { "type": "object", "properties": 
{ "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "AUTOMATIC_AGENT_UPDATES": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } }, "required": [ "type", "enabled" ] } } }, "required": [ "osSetting" ] }, "UNPAUSED_AGENT_UPDATES": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "SERVICE_HEALTH_MONITORING": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] }, "BRUTE_FORCE_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } }, "metadata": { "type": "object", "properties": { "action": { "type": "string" }, "policy_version": { "type": "integer" }, "minutes_to_block": { "type": "integer" }, "protected_protocols": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string" }, "ports": { "type": "array", "items": { "type": "integer" } }, "enabled": { "type": "boolean" } }, "required": [ "name", "ports", "enabled" ] } }, "allowed_failed_attempts": { "type": "integer" }, "exclude_private_networks": { "type": "boolean" }, "minutes_between_failed_attempts": { "type": "integer" } }, "required": [ "action", "policy_version", "minutes_to_block", "protected_protocols", "allowed_failed_attempts", "exclude_private_networks", "minutes_between_failed_attempts" ] } }, "required": [ "osSetting", "metadata" ] }, "UNINSTALL_PROTECTION": { 
"type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } }, "required": [ "type", "enabled" ] } } }, "required": [ "osSetting" ] }, "SERVICE_PROTECTION": { "type": "object", "properties": { "osSetting": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "enabled": { "type": "boolean" } } } } }, "required": [ "osSetting" ] } }, "required": [ "MALWARE_PROTECTION", "WEB_PROTECTION", "EXPLOIT_PROTECTION", "BEHAVIOR_PROTECTION", "APP_BLOCK", "SELF_PROTECTION", "AUTOMATIC_AGENT_UPDATES", "UNPAUSED_AGENT_UPDATES", "SERVICE_HEALTH_MONITORING", "BRUTE_FORCE_PROTECTION", "UNINSTALL_PROTECTION", "SERVICE_PROTECTION" ] } }, "required": [ "policyId", "policyName", "isDefault", "endpointCount", "groupMetadata", "protectionSetting" ], "x-apidog-orders": [ "policyId", "policyName", "isDefault", "endpointCount", "groupMetadata", "protectionSetting" ] } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.policy.details" } }, "/sam/summary": { "get": { "description": "Get account Security Advisor Module (SAM) current and achievable scores", "summary": "Retrieve SAM scores", "security": [ { "client_credentials": [ "read" ] } ], "status": { "outage": [ "auth" ] }, "parameters": [ { "name": "authorization", "required": true, "in": "header", "description": "Authorization token", "schema": { "type": "string" } }, { "name": "accountid", "required": true, "in": "header", "description": "Your Nebula account id (Ex. 
\"9256034b-7967-4253-a5d9-260663e4fa4f\")", "schema": { "type": "string", "pattern": "[\\da-fA-F]{8}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{4}-?[\\da-fA-F]{12}$" } } ], "responses": { "200": { "description": "response schema", "content": { "application/json": { "schema": { "type": "object", "properties": { "currentCategories": { "type": "array", "title": "Current Security Advisor categories score", "items": { "type": "object", "properties": { "achievableScore": { "type": "integer", "description": "Achievable score for the category" }, "active": { "type": "boolean", "description": "Boolean value to indicate if the category is licensed and applicable" }, "currentScore": { "type": "integer", "description": "Current score for the category" }, "name": { "type": "string" }, "percentAchieved": { "type": "integer" }, "status": { "type": "string" } }, "required": [ "achievableScore", "active", "currentScore", "name", "percentAchieved", "status" ] } }, "score": { "type": "object", "properties": { "dateTime": { "type": "string" }, "status": { "type": "string" }, "currentScore": { "type": "integer" }, "achievableScoreWithActions": { "type": "integer" }, "achievableScoreWithUpgrade": { "type": "integer" }, "percentAchieved": { "type": "integer" }, "percentAchievableWithActions": { "type": "integer" }, "percentAchievableWithUpgrade": { "type": "integer" } }, "required": [ "dateTime", "status", "currentScore", "achievableScoreWithActions", "achievableScoreWithUpgrade", "percentAchieved", "percentAchievableWithActions", "percentAchievableWithUpgrade" ] } }, "required": [ "currentCategories", "score" ] } } } } }, "tags": [ "Security Advisor" ], "operationId": "api.sam.summary" } } }, "components": { "securitySchemes": { "client_credentials": { "type": "oauth2", "flows": { "clientCredentials": { "tokenUrl": "/token", "scopes": { "read": "Read data of your Nebula account", "write": "Write data, such as groups, policies, exclusions. 
Create Webhook subscriptions", "execute": "Issue jobs on your endpoints, like Scan, Reboot or Isolate." } } } } } } }
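Added example (not part of the ThreatDown spec or its SDKs): an offline triage pass over the Security Advisor endpoints described above. It orders `/sam/details` issues by severity and score impact, reads `/sam/jobs/status` to find machines that already have a job queued, and builds the `POST /sam/assets/software` body with one item per remaining `machine_id`. It also checks the `accountid` header value against the spec's own pattern and against a fully anchored variant, because the spec's pattern is anchored only at `$` and so accepts a value with arbitrary leading characters under JSON Schema's search semantics. The severity ordering, the sample issues, job status and inventory rows are all constructed assumptions; the spec types `severity` as a free string and does not say where software inventory rows come from.

```python
"""Added example, not part of the ThreatDown spec: offline triage of
Security Advisor (SAM) responses and construction of a bulk Software Update
request body, plus a check of the spec's accountid header pattern."""
import re

# Pattern copied from the spec's `accountid` header parameter. JSON Schema
# patterns use search semantics and this one is anchored only at the end.
SPEC_ACCOUNTID_PATTERN = (
    r"[\da-fA-F]{8}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{4}-?[\da-fA-F]{12}$"
)
# Fully anchored variant for client-side validation before the value goes
# into the header (an assumption of this example, not the spec's pattern).
STRICT_ACCOUNTID_PATTERN = "^" + SPEC_ACCOUNTID_PATTERN


def accountid_matches(value: str, pattern: str = STRICT_ACCOUNTID_PATTERN) -> bool:
    """True if `value` satisfies `pattern` under JSON Schema (search) semantics."""
    return re.search(pattern, value) is not None


# Severity ordering is an assumption; the spec types `severity` as a string.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def prioritise_issues(issues: list[dict]) -> list[dict]:
    """Order /sam/details issues by severity, then by score impact (highest first)."""
    return sorted(
        issues,
        key=lambda i: (
            SEVERITY_RANK.get(str(i["severity"]).lower(), len(SEVERITY_RANK)),
            -float(i["scoreImpactPercentage"]),
        ),
    )


def machines_with_ongoing_jobs(job_status: list[dict]) -> set[str]:
    """Flatten /sam/jobs/status into the set of machine ids already being worked on."""
    busy: set[str] = set()
    for entry in job_status:
        busy.update(entry.get("machinesWithJobs") or [])
    return busy


# Request body fields of POST /sam/assets/software, as listed in the spec.
BULK_UPDATE_FIELDS = ("application_name", "architecture", "current_version",
                      "new_version", "product", "vendor", "language", "machine_id")


def build_bulk_update_body(outdated: list[dict], busy: set[str]) -> list[dict]:
    """Build the POST /sam/assets/software body: one item per machine_id, skipping
    machines that already have an ongoing SAM job so no duplicate job is queued."""
    return [
        {field: row[field] for field in BULK_UPDATE_FIELDS}
        for row in outdated
        if row["machine_id"] not in busy
    ]


# Constructed sample data shaped like the spec's response schemas.
SAMPLE_ISSUES = [
    {"id": "i-1", "severity": "medium", "factor": "Software", "issueType": "outdated_software",
     "scoreImpactPercentage": 4, "status": "open", "recommendation": "Update software",
     "affectingCount": 2, "affectingType": "endpoints"},
    {"id": "i-2", "severity": "high", "factor": "Policy", "issueType": "protection_disabled",
     "scoreImpactPercentage": 9, "status": "open", "recommendation": "Enable protection",
     "affectingCount": 1, "affectingType": "policies"},
    {"id": "i-3", "severity": "high", "factor": "Software", "issueType": "outdated_software",
     "scoreImpactPercentage": 12, "status": "open", "recommendation": "Update software",
     "affectingCount": 5, "affectingType": "endpoints"},
]
SAMPLE_JOB_STATUS = [
    {"machinesWithJobs": ["m-2"], "affectedCount": 1, "id": "i-3",
     "status": "in_progress", "issue": "outdated_software"},
]
# Constructed inventory rows using the spec's request body fields; where such
# rows are fetched from is not part of this section of the spec.
SAMPLE_OUTDATED = [
    {"application_name": "ExampleViewer", "architecture": "x64", "current_version": "1.0.0",
     "new_version": "1.0.1", "product": 42, "vendor": "ExampleCorp", "language": "en",
     "machine_id": "m-1"},
    {"application_name": "ExampleViewer", "architecture": "x64", "current_version": "1.0.0",
     "new_version": "1.0.1", "product": 42, "vendor": "ExampleCorp", "language": "en",
     "machine_id": "m-2"},
]


def triage() -> list[dict]:
    """Run the pipeline on the constructed samples and return the request body."""
    prioritise_issues(SAMPLE_ISSUES)  # ordered list for the analyst's queue
    busy = machines_with_ongoing_jobs(SAMPLE_JOB_STATUS)
    return build_bulk_update_body(SAMPLE_OUTDATED, busy)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

The body returned by `triage()` is what a client would send with the `write`/`execute`-scoped token, the `authorization` header and a validated `accountid` header; the `jobs`, `errors` and `total_count` fields of the 200 response then tell you which `machine_id`s got a `job_id` and which were rejected.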